This article explains how to disable some unwanted HTTP request methods, which can be helpful to avoid false positives.
To disable certain HTTP request method:
- Look for the web.xml file located under [DSM installation folder]\webclient\webapps\ROOT\WEB-INF\web.xml
- Edit the web.xml file. For example, if you want to disable the method HEAD and OPTIONS, add the following code:
<security-constraint> <web-resource-collection> <web-resource-name><strong>restricted methods</strong></web-resource-name> <url-pattern>/*</url-pattern> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> </web-resource-collection> <auth-constraint /> </security-constraint>
- Restart the web service.
After adding the configuration, the result by HEAD request should now be forbidden.