Disable HTTP OPTIONS Method on Port 8443 in Workload Control Center

Article ID: 430883

Updated On:

Products

Autosys Workload Automation

Issue/Introduction

Security vulnerability scanners report that the HTTP OPTIONS method is enabled for the Workload Control Center service on port 8443.

ERROR MESSAGE: "Supported Methods: OPTIONS GET HEAD POST"

SYMPTOMS:

  • Nmap or security scan on port 8443 shows OPTIONS in the list of supported HTTP methods

  • Security policies flag the OPTIONS method as a potential risk

CONTEXT:

This occurs during routine security or vulnerability scanning of the application ports.

IMPACT:

Fails security compliance audits requiring low-risk HTTP methods to be disabled.

Environment

Web UI (WCC) 24.0, 24.1

Resolution

The OPTIONS method can be disabled by adding the following XML block to Tomcat's web.xml.

Path: [Tomcat Installation Directory]/conf/web.xml

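<!-- Place inside the <web-app> element of web.xml -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted Methods</web-resource-name>
    <!-- Applies to every URL, but only to the OPTIONS method -->
    <url-pattern>/*</url-pattern>
    <http-method>OPTIONS</http-method>
  </web-resource-collection>
  <!-- Empty auth-constraint: no role is permitted, so matching requests are denied -->
  <auth-constraint />
</security-constraint>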

Restart the WCC services to apply the changes.

VERIFY SUCCESS:

  • Run the nmap command against port 8443

  • Command: nmap -Pn -p 8443 --script http-methods localhost

  • Confirm the OPTIONS method is no longer listed in the Supported Methods output
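
The nmap check shows what the running service answers; the added example below (not part of the original article or the vendor's tooling) audits the web.xml file itself, confirming that a deny-all security-constraint really covers OPTIONS on /*. The function name, the sample documents and the javaee namespace in them are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

def _named(elem, name):
    """Children of elem called `name`, ignoring the xmlns web.xml usually declares."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return [(c.text or "").strip() for c in _named(elem, name)]

def options_denied(web_xml, pattern="/*"):
    """True if a deny-all security-constraint covers OPTIONS for `pattern`."""
    root = ET.fromstring(web_xml)  # accepts str or bytes
    for sc in _named(root, "security-constraint"):
        auth = _named(sc, "auth-constraint")
        # Only an auth-constraint without role-name entries denies every caller.
        if not auth or any(_named(a, "role-name") for a in auth):
            continue
        for wrc in _named(sc, "web-resource-collection"):
            if pattern not in _texts(wrc, "url-pattern"):
                continue
            methods = _texts(wrc, "http-method")
            omitted = _texts(wrc, "http-method-omission")
            # No http-method entries means every method except the omitted ones.
            if ("OPTIONS" in methods) if methods else ("OPTIONS" not in omitted):
                return True
    return False

# Constructed sample files (not copied from a WCC installation).
_HEAD = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">'
_RULE = """<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted Methods</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>OPTIONS</http-method>
  </web-resource-collection>
  %s
</security-constraint>"""
_ROLE = "<auth-constraint><role-name>admin</role-name></auth-constraint>"
SAMPLE_FIXED = _HEAD + _RULE % "<auth-constraint />" + "</web-app>"
SAMPLE_ROLE = _HEAD + _RULE % _ROLE + "</web-app>"  # role holders still allowed
SAMPLE_UNCHANGED = _HEAD + "</web-app>"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a real web.xml
        with open(sys.argv[1], "rb") as fh:
            print(options_denied(fh.read()))
    else:
        for name in ("SAMPLE_FIXED", "SAMPLE_ROLE", "SAMPLE_UNCHANGED"):
            print(name, options_denied(globals()[name]))
```

Run it with the path to web.xml as the only argument; a result of False after the edit usually means the block was placed outside the web-app element or the auth-constraint lists a role.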