F5 Blocking = Illegal Method: OPTIONS

Question

F5 is set to learn and alarm. The Attack Type is Information Leakage. The Request Details indicates Illegal method for HTTP Method OPTIONS. The HTTP Request = OPTIONS / HTTP/1.1 I am trying to determine if I should set this to BLOCK, but I do not really understand what the request is. Can you help me to understand, please?

what_lies_bene1 · Answer

See here for some details: http://www.acunetix.com/vulnerabilities/options-method-is-enabled/.&nbsp;
I don't think it's a real risk, any reasonably secure site/server will have unused or 'dangerous' methods disabled etc. but always better to be safe I suppose. More security theatre than anything.&nbsp;

richard__harlan · Answer

When a systems send a Option command it is asking the server what methods do you support/allow. The server will respond with methods like GET/POST/HEAD and such. &nbsp;

what_lies_bene1 · Answer

Options is a HTTP Method, used by a client to obtain from the server which other Methods are supported.&nbsp;
If you need a primer on HTTP I'd suggest you go to http://university.f5.com/ and take the HTTP Basics I and HTTP Basics II courses.&nbsp;

msz · Answer

Which method we can use ACT as Method instead of OPTION method?
Please&nbsp;

Forum Discussion

F5 Blocking = Illegal Method: OPTIONS

4 Replies

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

SSO login for APM Profiles

Need Advice on below issue

Virtual Server Configuration requirements for ISO 8583 traffic (Single persistent TCP session)

threat hunting guide

Webtop which has VNC for macos users

Related Content

BIG-IP methods to Fix the “421 Misdirected Request” Error

Block IP after a number of ASM Blocks

HTTP method conversion

Massive DDoS, DanaBot Dismantled, Scraped Discord Messages and Signal Blocks Windows Recall

Block traffic

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS