Forum Discussion
boneyard
Aug 21, 2013MVP
something like
when HTTP_REQUEST {
if { ( [HTTP::method] equals "OPTIONS" ) } {
TCP::close
}
}
would do the trick.
though i would question if this really is a vulnerability and not some pen test report remark that you could challenge. it can of course also be solved on the webserver, but simply turning it off.