Home » IIS » Vulnerability “Disable HTTP OPTIONS Method for IIS”

Vulnerability “Disable HTTP OPTIONS Method for IIS”

Penetration tools may alert if IIS server is accepting requests with HTTP OPTIONS method. This is because the response to these requests may reveal what other methods are supported by the web server.

Follow the steps below to disable OPTIONS method.

  1. Open IIS Manager
  2. Click the server name
  3. Double click on Request Filtering
  4. Go to HTTP Verbs tab
  5. On the right side, click Deny Verb
  6. Type OPTIONS. Click OK
HTTP OPTIONS

If the security scan report shows a vulnerability about IIS default page, check this post out: Vulnerability “Remove the default page or stop/disable the IIS server”

Ned Sahin

Blogger for 20 years. Former Microsoft Engineer. Author of six books. I love creating helpful content and sharing with the world. Reach me out for any questions or feedback.
Categories IIS

1 thought on “Vulnerability “Disable HTTP OPTIONS Method for IIS””

Leave a Comment