Activity Processors: Method Processor

GET and POST are two very well-known HTTP request methods. A request method is a keyword that tells the server what type of request the user is making. In the case of a GET, the user is requesting a resource. In the case of a POST, the user is submitting data to a resource. There are, however, several other supported request methods, including HEAD, PUT, DELETE, TRACE, and OPTIONS. These methods are intended to divide the types of requests into more granular operations. In almost all web application implementations, the PUT, DELETE, TRACE, and OPTIONS methods are left unimplemented. Unfortunately, some systems provide default implementations for methods such as TRACE and OPTIONS. As a result, some administrators accidentally expose unprotected services. Hackers often try these different request methods to identify servers that support them and may therefore be vulnerable.

Table 25: Method Processor Configuration Parameters

| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Basic | | | |
| Processor Enabled | Boolean | True | Whether traffic should be passed through this processor. |
| Advanced | | | |
| Block Unknown Methods | Boolean | True | Whether to block requests that contain unknown HTTP methods. |
| Block Unknown Protocol | Boolean | True | Whether to block requests that contain unknown HTTP protocols. |
| Known Methods | Collection | Collection | The list of known HTTP methods. Also allows you to customize the action to take for each occurrence of the known HTTP method. |
| Incident: Illegal Method Requested | Boolean | True | The user issued a request using an HTTP method which is considered illegal. |
| Incident: Unexpected Method Requested | Boolean | True | The user issued a request using a request method other than GET, POST, and HEAD, which resulted in a server error. |
| Incident: Missing HTTP Protocol | Boolean | True | No protocol specified in GET line. |
| Incident: Unknown HTTP Protocol | Boolean | True | Nonstandard protocol specified in GET line (anything except 0.9, 1.0, 1.1). |
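
The checks in the table can be sketched as a request-line classifier. This is an added example, not the product's own code. The function names, the use of the seven methods named above as the known-method list, the reading of "server error" as a 5xx status, and the mapping of the two block settings to incidents are all assumptions.

```python
# Assumed values, taken from the page's text rather than from the product.
KNOWN_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "TRACE", "OPTIONS"}
EXPECTED_METHODS = {"GET", "POST", "HEAD"}
KNOWN_PROTOCOLS = {"HTTP/0.9", "HTTP/1.0", "HTTP/1.1"}

def classify(request_line, status=200):
    """Return the incident names (as listed in the table) for one request line."""
    incidents = []
    parts = request_line.strip().split()
    method = parts[0] if parts else ""
    # A request line is "METHOD target PROTOCOL"; fewer than three tokens
    # means the protocol token is absent.
    protocol = parts[-1] if len(parts) >= 3 else None
    if method not in KNOWN_METHODS:          # methods are case-sensitive
        incidents.append("Illegal Method Requested")
    elif method not in EXPECTED_METHODS and status >= 500:
        incidents.append("Unexpected Method Requested")
    if protocol is None:
        incidents.append("Missing HTTP Protocol")
    elif protocol not in KNOWN_PROTOCOLS:
        incidents.append("Unknown HTTP Protocol")
    return incidents

def should_block(incidents, block_unknown_methods=True, block_unknown_protocol=True):
    """Apply the two block settings; the defaults mirror the table (True)."""
    return (block_unknown_methods and "Illegal Method Requested" in incidents) or \
           (block_unknown_protocol and "Unknown HTTP Protocol" in incidents)

# Constructed sample input: (request line, response status)
SAMPLES = [
    ("GET /index.html HTTP/1.1", 200),
    ("TRACE / HTTP/1.1", 501),
    ("DEBUG /app HTTP/1.1", 200),
    ("GET /index.html", 200),
    ("GET / HTTP/2.5", 200),
]

if __name__ == "__main__":
    for line, status in SAMPLES:
        found = classify(line, status)
        print(f"{line!r:32} {status}  block={should_block(found)}  {found}")
```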