Skip to main content

Vulnerability “Disable HTTP OPTIONS Method for IIS”

Penetration tools may alert if IIS server is accepting requests with HTTP OPTIONS method. This is because the response to these requests may reveal what other methods are supported by the web server.

Follow the steps below to disable OPTIONS method.

New post-apocalyptic fiction book
My new book is releasing in November 2020!
  1. Open IIS Manager
  2. Click the server name
  3. Double click on Request Filtering
  4. Go to HTTP Verbs tab
  5. On the right side, click Deny Verb
  6. Type OPTIONS. Click OK

If the security scan report shows a vulnerability about IIS default page, check this post out: Vulnerability “Remove the default page or stop/disable the IIS server”

One thought to “Vulnerability “Disable HTTP OPTIONS Method for IIS””

Leave a Reply

Your email address will not be published. Required fields are marked *