<security-constraint> <web-resource-collection> <web-resource-name><strong>restricted methods</strong></web-resource-name> <url-pattern>/*</url-pattern> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> </web-resource-collection> <auth-constraint /> </security-constraint>

Resolving "Unsafe HTTP request method" to prevent false positives

Product / Version includes:

Deep Security20.0

Last updated: 2024/06/10

Solution ID: KA-0009629

Category: Troubleshoot

Summary

This article explains how to disable some unwanted HTTP request methods, which can be helpful to avoid false positives.

To disable certain HTTP request methods:

Look for the web.xml file located under [DSM installation folder]\webclient\webapps\ROOT\WEB-INF\web.xml

Edit the web.xml file. For example, if you want to disable the method HEAD and OPTIONS, add the following code:

<security-constraint> 
    <web-resource-collection> 
        <web-resource-name><strong>restricted methods</strong></web-resource-name> 
        <url-pattern>/*</url-pattern> 
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method> 
    </web-resource-collection> 
    <auth-constraint /> 
</security-constraint>

Restart the web service.

After adding the configuration, the result by HEAD request should now be forbidden.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Resolving "Unsafe HTTP request method" to prevent false positives

Resolving "Unsafe HTTP request method" to prevent false positives

Product / Version includes:

Summary