HTTP request methods must be limited.ID: oval:org.secpod.oval:def:73159 | Date: (C)2021-06-08 (M)2023-07-04 |
Class: COMPLIANCE | Family: unix |
The HTTP 1.1 protocol supports several request methods that are rarely used and potentially high risk. For example, methods such as PUT and DELETE are rarely used and should be disabled in keeping with the primary security principal of minimize features and options. Also, since the usage of these methods is typically to modify resources on the web server, they should be explicitly disallowed. Normal web server operation will typically require allowing only the GET, HEAD, and POST request methods. This will allow for downloading of web pages and submitting information to web forms. The OPTIONS request method will also be allowed as it is used to request which HTTP request methods are allowed.
Product: |
Apache HTTP Server 2.4 |