Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Activity Processors: Method Processor

    GET and POST are two very well known HTTP request methods. A request method is a keyword that tells the server what type of request the user is making. In the case of a GET, the user is requesting a resource. In the case of a POST, the user is submitting data to a resource. There are however, several other supported request methods which include HEAD, PUT, DELETE, TRACE, and OPTIONS. These methods are intended to divide the types of requests into more granular operation. In almost all web application implementations, the PUT, DELETE, TRACE and OPTIONS methods are all left unimplemented. Unfortunately, some systems provide default implementations for things such as TRACE and OPTIONS. As a result, some administrators accidentally expose unprotected services. Hackers often try these different request methods to identify servers which support them, and therefore can be vulnerable.

    Table 1: Method Processor Configuration Parameters

    Parameter

    Type

    Default Value

    Description

    Basic

    Whether traffic should be passed through this processor.

    Processor Enabled

    Boolean

    True

    Advanced

    Block Unknown Methods

    Boolean

    True

    Whether to block requests that contain unknown HTTP methods.

    Block Unknown Protocol

    Boolean

    True

    Whether to block requests that contain unknown HTTP protocols.

    Known Methods

    Collection

    Collection

    The list of known HTTP methods. Also allows you to customize the action to take for each occurrence of the known HTTP method.

    Incident: Illegal Method Requested

    Boolean

    True

    The user issued a request using an HTTP method which is considered illegal.

    Incident: Unexpected Method Requested

    Boolean

    True

    The user issued a request using a request method other then GET, POST, and HEAD, which resulted in a server error.

    Incident: Missing HTTP Protocol

    Boolean

    True

    No protocol specified in GET line.

    Incident: Unknown HTTP Protocol

    Boolean

    True

    Non standard protocol specified in GET line (anything except 0.9, 1.0, 1.1).

    Published: 2015-02-04