You are viewing the documentation for Blueriq 14. Documentation for other versions is available in our documentation directory.

Block HTTP Methods

If you would like to block certain HTTP request methods in order to minimize security risks, the Blueriq Runtime provides a configuration option to list blocked HTTP requests methods. These methods will be blocked globally. Examples of HTTP request methods that you may want to block include HEAD, OPTIONS or TRACE. By default, no HTTP request methods are blocked. The Blueriq Runtime will respond with status code 405 Method Not Allowed to requests made with a blocked HTTP method.

 

By default nothing is blocked.

The property should be:

blueriq.security.http.restricted-methods=

To block use:

blueriq.security.http.restricted-methods=head,options
  • No labels