How to Shut Down HTTP Methods in CA API Developer Portal

Document ID : KB000103210
Last Modified Date : 30/08/2018
Question:
  • A penetration test report identifies that CA Portal exposes dangerous HTTP methods. How can these HTTP methods be disabled?
Environment:
  • API Portal 3.5
Answer:
  • You can add limits to Apache so that it allows only GET and POST, which is all that is needed in most configurations.
  • The other methods are required by WebDAV, which is used by Portal Replication.
  1. Add the following to /etc/httpd/conf/httpd.conf and run "service httpd reload":

     <Location />
       <LimitExcept GET POST>
         order deny,allow
         deny from all
       </LimitExcept>
     </Location>
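
To confirm the change after the reload, the following check (an added example, not part of the original article or of CA's tooling) sends each method to the Portal and flags any response that does not match the GET/POST-only policy. PORTAL_URL is a placeholder you supply, and the status-code mapping (403, 405 or 501 means blocked) is an assumption of this example.

```shell
#!/bin/sh
# Added example: verify the <LimitExcept GET POST> rule after "service httpd reload".
# PORTAL_URL is a placeholder set by the operator, e.g. https://portal.example.com/

ALLOWED="GET POST"
# Methods to probe: the two allowed ones plus common HTTP and WebDAV verbs.
# TRACE is included because Apache does not apply <Limit>/<LimitExcept> to it;
# it is governed by the TraceEnable directive instead.
PROBED="GET POST PUT DELETE OPTIONS PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE"

# classify METHOD STATUS -> prints ok | FAIL | error
classify() {
    case "$2" in
        000|"") echo error; return ;;      # curl got no HTTP response at all
        403|405|501) verdict=blocked ;;    # assumption: these codes mean "rejected"
        *) verdict=allowed ;;
    esac
    case " $ALLOWED " in
        *" $1 "*) want=allowed ;;
        *)        want=blocked ;;
    esac
    if [ "$verdict" = "$want" ]; then echo ok; else echo FAIL; fi
}

# probe_all URL -> one line per method; returns 1 if any method is not "ok"
probe_all() {
    rc=0
    for m in $PROBED; do
        status=$(curl -s -o /dev/null --max-time 10 -X "$m" -w '%{http_code}' "$1")
        result=$(classify "$m" "$status")
        printf '%-10s %s  %s\n' "$m" "$status" "$result"
        [ "$result" = ok ] || rc=1
    done
    return $rc
}

# Only touch the network when the operator has named a target.
if [ -n "${PORTAL_URL:-}" ]; then
    probe_all "$PORTAL_URL"
fi
```

Run it as `PORTAL_URL=https://portal.example.com/ sh check_methods.sh` (the file name is hypothetical); a non-zero exit status means at least one method did not behave as the policy expects.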