Vulnerability "" Web server allows HTTP method DELETE"

Question

Keeping in mind that GET and POST methods are used to request information from a web server, but as the HTTP protocol allows several others including HEAD, PUT, DELETE, TRACE, OPTIONS, and CONNECT.Some of these can cause potential security risks also right ?&nbsp;
So, can we  try something like this which will even include our triggered vulnerability " Web server allows HTTP method DELETE" :&nbsp;
Hi Team,&nbsp;
Can the below Irule can be used to mitigate the Vulnerability:" Web server allows HTTP method DELETE"&nbsp;
when RULE_INIT {
  set sec_http_methods [list "CONNECT" "DELETE" "HEAD" "OPTIONS" "PUT" "TRACE"]
}&nbsp;
when HTTP_REQUEST {
  if { [matchclass [HTTP::method] equals $::sec_http_methods] } {
    reject
  }
}&nbsp;
Thanks and Regards
Parveez&nbsp;

the_bhattman · Answer

Hi Parveez,&nbsp;
Yes it can and the rule you posted can block the methods to be used.&nbsp;

parveez_70209 · Answer

Hi,&nbsp;
Thanks for coss-checking, but will it impact regular traffic or will it cause any issue ?&nbsp;
Thanks and Regards
Parveez&nbsp;

the_bhattman · Answer

It's going to cause issues, if your website uses any one of these methods to function.  Outside of that I don't believe so.&nbsp;

Forum Discussion

Vulnerability "" Web server allows HTTP method DELETE"

3 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

F5 BIG-IP Advanced WAF – "dos profile" reporting

Deleting .pcap files in "/var/tmp/"

How I did it - "High-Performance S3 Load Balancing of Dell ObjectScale with F5 BIG-IP"

How I did it - "F5 BIG-IP Observability with Dynatrace and F5 Telemetry Streaming"

App Stack, the "iRule" of F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS