Security Basics mailing list archives

Disable 80/443 Put / Delete Methods


From: roger.smith () calyonfinancial com
Date: Tue, 28 Sep 2004 09:05:11 -0500





Hi group,

I have a client's vulnerability audit report for a web server that
indicates that for ports 80 & 443 the PUT and DELETE methods are enabled on
the server.
The recommendation is to "disable" these methods "if possible".

What does "disable" truly mean:
a) Enable only when needed?
b) Delete these methods such that they can't ever be used? ...and can that
be done?

The webmaster claims there is no other way to maintain the site but also
has no rational reason other than IMHO preference.

What scenarios would make it impossible to disable these methods?

Thanks,

Roger

