Forum Discussion

2 Replies

  • something like

    when HTTP_REQUEST {
      if { ( [HTTP::method] equals "OPTIONS" ) } {
        TCP::close
      }
    }
    

    would do the trick.

    though i would question if this really is a vulnerability and not some pen test report remark that you could challenge. it can of course also be solved on the webserver, but simply turning it off.

  • But pen test person is saying that this is not resolving this issue. How to challenge them.