ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to Shutdown HTTP Methods in CA API Developer Portal


Article ID: 103210


Updated On:


CA API Developer Portal CA API Gateway


  • Penetration Test report identifies that CA Portal exposes dangerous HTTP methods. How to disable these HTTP methods? 


  • API Portal 3.5


  • You can add limits to Apache so that it will only allow GET and POST which is all that is needed in most configurations.
  • The other methods are required by the WebDAV which is used by the Portal Replication.
  1. Add the following to /etc/httpd/conf/httpd.conf and run "service httpd reload" 
<Location /> 
<LimitExcept GET POST> 
order deny,allow 
deny from all