Hi all,
Our app scanning team have informed us that we must disable all unnecessary methods within our application's config, e.g. PUT and DELETE.
We have tried to resolve this within the Tomcat config.
In the tomcat/conf folder, modify the web.xml file by inserting a <security-constraint> element directly below the <web-app> element, as below:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restricted methods</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint />
</security-constraint>
But following a rescan by our app security team, the issue was still apparent.
Is there any way that we can disable the methods within IIS?