App Control: Is it safe to disable HTTP OPTIONS method in IIS on the App Control Server?
search cancel

App Control: Is it safe to disable HTTP OPTIONS method in IIS on the App Control Server?

book

Article ID: 289175

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Is it safe to disable HTTP OPTIONS method in IIS on the App Control Server?

Environment

  • App Control: All Supported Versions
  • Windows Server OS: All Supported Versions
  • IIS: Supported Versions

Resolution

There is no known problem with disabling the HTTP OPTIONS method on the IIS server.

Additional Information

Disabling HTTP OPTIONS on IIS webservers might be part of a recommendation from a vulnerability assessment. The vulnerability in question is Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts.
Powered by Wolken Software