Security Best Practice: Familiarize Yourself with the HTTP Methods Protection
| Field | Value |
|---|---|
| Check Point Reference: | SBP-2006-24 |
| Date Published: | |
| Severity: | |
| Source: | SmartDefense Research Center |
| Protection Provided by: | Security Gateway |
| Who is Vulnerable? | Web servers |
| Vulnerability Description | The HTTP RFC allows a restricted set of HTTP methods. However, even some of the standard methods are unsafe, because they can be used to exploit vulnerabilities on a web server. Many of the non-standard methods have a very bad security record. Microsoft WebDAV methods, for example, have certain security issues, as discussed in the IPS Advisories page. |
Vulnerability Details
Web Intelligence divides the HTTP methods into three groups: standard safe (GET, HEAD and POST), standard unsafe (the other standard HTTP methods), and WebDAV. By default, all methods other than the standard safe methods are blocked. To allow users access to popular applications such as Microsoft Hotmail, Outlook Web Access, and FrontPage, the non-RFC-compliant WebDAV HTTP methods can be allowed. It is also possible to choose exactly which methods to block. For example, if only the GET and POST methods are allowed and all others are blocked, the following HTTP request using a WebDAV method will be rejected:
MKCOL / HTTP/1.0
Protection Overview
This protection can be used to control which HTTP methods can be used in HTTP requests. The settings in this protection can be applied either to all traffic or to specific web servers. When the attack is blocked, users can be informed via a customizable web page.
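The following is an added illustration of the method-group filtering described in the Vulnerability Details and Protection Overview above; it is not Check Point code and does not reflect how the gateway is implemented. The membership of the "standard unsafe" and WebDAV groups is assumed from RFC 2616 and RFC 2518, and the policy fields, function names and sample request lines are all constructed for the example.

```python
import re
from typing import FrozenSet, NamedTuple, Optional, Tuple

# Method groups as the advisory describes them. The safe set (GET, HEAD, POST)
# is from the advisory; the other two sets are an assumption taken from
# RFC 2616 (standard methods) and RFC 2518 (WebDAV), not from the product.
STANDARD_SAFE: FrozenSet[str] = frozenset({"GET", "HEAD", "POST"})
STANDARD_UNSAFE: FrozenSet[str] = frozenset(
    {"OPTIONS", "PUT", "DELETE", "TRACE", "CONNECT"}
)
WEBDAV: FrozenSet[str] = frozenset(
    {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
)

# HTTP request line: method token, SP, request-target, SP, HTTP-version.
# Method tokens are case-sensitive, so a lowercase "get" is a different token
# and lands in the "unknown" group rather than the safe group.
REQUEST_LINE = re.compile(r"^([!#$%&'*+\-.^_`|~0-9A-Za-z]+) (\S+) HTTP/\d\.\d$")


class Policy(NamedTuple):
    """Constructed policy shape. The two switches model allowing a whole group;
    allowed_methods, when set, replaces them and models the advisory's
    'choose exactly which methods to block' mode as an explicit allowlist."""
    allow_standard_unsafe: bool = False
    allow_webdav: bool = False
    allowed_methods: Optional[FrozenSet[str]] = None


def classify(method: str) -> str:
    """Map a method token to one of the three advisory groups, or 'unknown'."""
    if method in STANDARD_SAFE:
        return "standard-safe"
    if method in STANDARD_UNSAFE:
        return "standard-unsafe"
    if method in WEBDAV:
        return "webdav"
    return "unknown"


def decide(request_line: str, policy: Policy = Policy()) -> Tuple[str, str]:
    """Return ('allow' | 'block', reason) for one raw HTTP request line.

    Anything that is not a well-formed request line is blocked, and unknown
    methods are blocked unless explicitly allowlisted: the default is deny.
    """
    m = REQUEST_LINE.match(request_line)
    if m is None:
        return "block", "malformed request line"
    method = m.group(1)
    group = classify(method)
    if policy.allowed_methods is not None:
        if method in policy.allowed_methods:
            return "allow", f"{method} is on the explicit allowlist"
        return "block", f"{method} ({group}) is not on the explicit allowlist"
    if group == "standard-safe":
        return "allow", f"{method} is a standard safe method"
    if group == "standard-unsafe" and policy.allow_standard_unsafe:
        return "allow", f"{method} is standard unsafe, permitted by policy"
    if group == "webdav" and policy.allow_webdav:
        return "allow", f"{method} is WebDAV, permitted by policy"
    return "block", f"{method} ({group}) is blocked by policy"


# Constructed sample request lines, including the advisory's MKCOL example.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "MKCOL / HTTP/1.0",
    "DELETE /upload/x HTTP/1.1",
    "get / HTTP/1.1",
    "not a request line",
]


def run_samples(policy: Policy = Policy()) -> dict:
    """Evaluate every sample line under one policy; returns line -> verdict."""
    return {line: decide(line, policy)[0] for line in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for line, verdict in run_samples().items():
        print(f"{verdict:5}  {line}")
```

Under the default policy only the GET line is allowed; enabling `allow_webdav` admits the MKCOL request, and `Policy(allowed_methods=frozenset({"GET", "POST"}))` reproduces the advisory's example in which even HEAD is rejected.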
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
CPAI-2003-19
CPAI-2004-41
CPAI-2004-56