How to Shutdown HTTP Methods in CA API Developer Portal
CA API Developer Portal
, CA API Gateway
Penetration Test report identifies that CA Portal exposes dangerous HTTP methods. How to disable these HTTP methods?
API Portal 3.5
You can add limits to Apache so that it will only allow GET and POST which is all that is needed in most configurations.
The other methods are required by the WebDAV which is used by the Portal Replication.
Add the following to /etc/httpd/conf/httpd.conf and run "service httpd reload"
<LimitExcept GET POST>
deny from all