Ping a Specific Port

Question

Anton Gogolev

Asked: 2014-10-04 02:15:25 +0800 CST2014-10-04 02:15:25 +0800 CST 2014-10-04 02:15:25 +0800 CST

Disable HTTP OPTIONS verb in IIS 7

772

My .NET 4.0 webapp is running on Windows Server 2008 on IIS 7.5 using an Integrated pipeline.

I want to only enable the "big four" HTTP verbs. According to the documentation, this should do the trick:

<system.webServer>
  <security>
    <requestFiltering>
      <verbs allowUnlisted="false" applyToWebDAV="true">
        <add verb="GET" allowed="true" />
        <add verb="POST" allowed="true" />
        <add verb="PUT" allowed="true" />
        <add verb="DELETE" allowed="true" />                    
      </verbs>
    </requestFiltering>
  </security>
</system.webServer>

But, as you might have already guessed, it does not. Doing an OPTION request still results in "HTTP 200 OK", as do LOCK, PROPFIND and some others. All of this with WebDAV not being installed.

Removing the <add verb="GET" ... line results in IIS correctly responding with a HTTP 404.6 (Verb Denied) error.

Am I missing something obvious here?

1 Answers

Voted

Anton Gogolev · Answer 1 · 2014-10-04T02:48:22+08:00

Best Answer

Anton Gogolev

2014-10-04T02:48:22+08:002014-10-04T02:48:22+08:00

Aaand I was woefully wrong. IIS was indeed responding with 404, but an <httpErrors> section kicked in and served up my "404.html" page with HTTP 200 status.

4

Disable HTTP OPTIONS verb in IIS 7

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?