You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

Block HTTP Methods

To minimize security risks, you can block certain HTTP request methods. The Blueriq Runtime provides a configuration option that lists the blocked HTTP request methods, and these methods are blocked globally. Examples of HTTP request methods that you may want to block include HEAD, OPTIONS or TRACE. By default, no HTTP request methods are blocked. The Blueriq Runtime responds with status code 405 Method Not Allowed to requests made with a blocked HTTP method.

When the runtime is configured through properties, the default is an empty value, which blocks nothing:

blueriq.security.http.restricted-methods=

To block HEAD and OPTIONS, list them as a comma-separated value:

blueriq.security.http.restricted-methods=head,options

When the runtime is configured through XML, the default is an empty restricted-methods element, which blocks nothing:

<webApplication>
  <restricted-methods>
  </restricted-methods>
</webApplication>

To block HEAD and OPTIONS, add a method element for each:

<webApplication>
  <restricted-methods>
    <method value="head"/>
    <method value="options"/>
  </restricted-methods>
</webApplication>
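To confirm that the setting took effect, the check below reads the restricted-methods property and probes a runtime for the 405 response described above. It is an added example, not Blueriq code: the function names and the base URL passed to it are assumptions, and it only reads the properties form of the configuration.

```python
import http.client
from urllib.parse import urlsplit

PROPERTY = "blueriq.security.http.restricted-methods"

def parse_restricted_methods(properties_text):
    """Return the upper-cased methods listed in the property (empty list if unset)."""
    for line in properties_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROPERTY:
            return [m.strip().upper() for m in value.split(",") if m.strip()]
    return []

def probe(base_url, method, timeout=5):
    """Send one request with the given method and return the HTTP status code."""
    url = urlsplit(base_url)
    conn_cls = (http.client.HTTPSConnection if url.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(url.hostname, url.port, timeout=timeout)
    try:
        conn.request(method, url.path or "/")
        return conn.getresponse().status
    finally:
        conn.close()

def audit(base_url, properties_text, must_block=("HEAD", "OPTIONS", "TRACE")):
    """Compare configured and observed behaviour; return a list of findings.

    must_block defaults to the methods the page names as candidates for blocking.
    """
    configured = parse_restricted_methods(properties_text)
    findings = []
    for method in sorted(set(configured) | set(must_block)):
        status = probe(base_url, method)
        if method in configured and status != 405:
            findings.append(f"{method}: configured as blocked but got {status}")
        elif method not in configured:
            findings.append(f"{method}: not in {PROPERTY} (got {status})")
    return findings
```

An empty list from audit() means every listed method answered 405 and none of the must_block methods is missing from the property.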