1

I am getting this vulnerability "disable OPTIONS Method on the web server". Please see ErrorScreenshot image link

ErrorScreenshot

In web Config i have already added following tag:

 <system.web>
    <compilation debug="true" targetFramework="4.6"/>
    <httpRuntime targetFramework="4.6" requestValidationMode="4.5" enableVersionHeader="false"/>
    <machineKey validationKey="FF4636C4DF933BE453F9B94810661C5F5625794E5DCA46A3C281EB18CC5410386A4B38F5E4C7D7106C049C9EB10F31C2F4E76E74616ABD36DC6C64AF2BFF6801" decryptionKey="667F9049734567FF3E7BC7031DF4B4431F992A447CE2FB3258F6EE989BA82E8F" validation="SHA1" decryption="AES"/>
    <httpHandlers>
      <add path="*" verb="OPTIONS" type="System.Web.DefaultHttpHandler" validate="true"/>
      <add path="*" verb="TRACE" type="System.Web.DefaultHttpHandler" validate="true"/>
      <add path="*" verb="HEAD" type="System.Web.DefaultHttpHandler" validate="true"/>
    </httpHandlers>
    <authorization>
      <deny verbs="OPTIONS" users="*"/>
      <deny verbs="TRACE" users="*"/>
      <deny verbs="HEAD" users="*"/>
    </authorization>
    <authentication mode="Forms">
      <forms loginUrl="~/Login/Login" defaultUrl="~/Home/Home" path="/" name="test" cookieless="UseCookies" requireSSL="true" slidingExpiration="false" timeout="2880" protection="All"/>
    </authentication>
    <httpCookies httpOnlyCookies="true" requireSSL="true"/>
    <sessionState timeout="20"/>
    <customErrors mode="On" defaultRedirect="~/Home/ErrorPage"/>
  </system.web>

Please Help!

nik
  • 11
  • 5
  • Check this topic: https://stackoverflow.com/questions/12131266/disable-http-options-trace-head-copy-and-unlock-methods-in-iis – opewix Jul 20 '17 at 03:55

0 Answers0