HTTP Headers - need to check OPTIONS
Posted
by chris
on Server Fault
See other posts from Server Fault
or by chris
Published on 2010-02-04T15:49:37Z
Indexed on
2010/03/08
20:38 UTC
Read the original article
Hit count: 591
I've received the results of a pen test and there is some unwanted exposure in the HTTP OPTIONS where the fact that Frontpage Server Extensions was available (now removed) was reported.
I need to run a check on the OPTIONS to see whether it has been removed. The test output from the report is below, I need to recreate it to establish that it has gone but don't know how to check the OPTIONS, I can only find tools that seem to check the "HEAD / HTTP/1.1".
Does anyone know how to test this - I'm running a Windows environment?
Many thanks
OPTIONS / HTTP/1.1
Host: www.website.com
HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD
Content-Length: 0
Server: Microsoft-IIS/6.0
Public: OPTIONS, TRACE, GET, HEAD, POST
MS-Author-Via: MS-FP/4.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Date: Fri, 01 Feb 2010 16:09:15 GMT
© Server Fault or respective owner