Skip to main content

Vulnerability “Disable HTTP OPTIONS Method for IIS”

Penetration tools may alert if IIS server is accepting requests with HTTP OPTIONS method. This is because the response to these requests may reveal what other methods are supported by the web server.

Follow the steps below to disable OPTIONS method.

  1. Open IIS Manager
  2. Click the server name
  3. Double click on Request Filtering
  4. Go to HTTP Verbs tab
  5. On the right side, click Deny Verb
  6. Type OPTIONS. Click OK
HTTP OPTIONS

If the security scan report shows a vulnerability about IIS default page, check this post out: Vulnerability “Remove the default page or stop/disable the IIS server”

Leave a Reply

Your email address will not be published. Required fields are marked *