HTTP Headers - need to check OPTIONS

Posted by chris on Server Fault See other posts from Server Fault or by chris
Published on 2010-02-04T15:49:37Z Indexed on 2010/03/08 20:38 UTC
Read the original article Hit count: 587

Filed under:
|
|

I've received the results of a pen test and there is some unwanted exposure in the HTTP OPTIONS where the fact that Frontpage Server Extensions was available (now removed) was reported.

I need to run a check on the OPTIONS to see whether it has been removed. The test output from the report is below, I need to recreate it to establish that it has gone but don't know how to check the OPTIONS, I can only find tools that seem to check the "HEAD / HTTP/1.1".

Does anyone know how to test this - I'm running a Windows environment?

Many thanks

OPTIONS / HTTP/1.1
Host: www.website.com
HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD
Content-Length: 0
Server: Microsoft-IIS/6.0
Public: OPTIONS, TRACE, GET, HEAD, POST
MS-Author-Via: MS-FP/4.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Date: Fri, 01 Feb 2010 16:09:15 GMT

© Server Fault or respective owner

Related posts about http-headers

Related posts about options