S E C U R I T Y

Loading

Details
Stay Up To Date
Parent Checks

  • Other Information Gathering Scans
  • Other Vulnerability Scans

Need Membership

Yes

Need Proof Of Ownership

No

Estimate Time (Second)

5

Allowed HTTP Methods Detail

You can learn which HTTP methods are used for supporting your website with this tool.

What is HTTP and HTTP Request Methods ?

HyperText Transfer Protocol (HTTP) is a protocol that forms the foundation of the web that ensure data exchange between websites. HTTP requests use port 80 by default.

There are multiple HTTP methods to be used for data exchange with a website. For example, if you type a website address to your browser and press enter, you will automatically request HTTP GET from the target website.

Some HTTP methods are as follows:

GET, POST, PUT, HEAD, DELETE, CONNECT, OPTIONS, TRACE, PATCH, SEARCH


Why is it important to know HTTP Request Methods ?

It is recommended to deactivate DELETE, PUT and LOCK, MOVE, PROPFIND, PROPPATCH HTTP methods which are not used frequently and TRACE, TRACK and DEBUG debugging HTTP methods.

Additionally, the OPTIONS method is used to find the methods list supported by web servers. This can be deactivated if it does not serve a special purpose.


How can you learn HTTP methods supported by a server?

You can use our free and online HTTP Request Methods finder tool. To do this, you can start by typing your domain name or IP address in the form on top of the page and start scanning.

Or you can run nmap --script http-methods Target_Host command on nmap tool which can be installed to all operating systems.

Also, you can use http/options auxiliary module of “Metasploit Framework” to check the vulnerability.

Lastly, you can check manually. If your website permits OPTIONS request method, you will have results similar to the following:

  curl -i -X OPTIONS http://172.19.0.100 
 > OPTIONS / HTTP/1.1
  > User-Agent: curl/7.61.0
 > Host: 172.19.0.100
  > Accept: */*
 >
 < HTTP/1.1 200 OK
 < Date: Mon, 24 May 2020 21:21:20 GMT
 < Server: Apache/2.2.21
 < Allow: GET,HEAD,POST,OPTIONS,TRACE
  < Content-Length: 0
 < Content-Type: text/html
 <
            

Some Advice for Common Problems

You can deactivate HTTP methods with setting changes on your webserver.