topic HTTP OPTIONS Method Enabled on Panorama in General Topics https://live.paloaltonetworks.com/t5/general-topics/http-options-method-enabled-on-panorama/m-p/482999#M104320 <P>Hi All,</P><P>I got Vulnerability&nbsp;HTTP OPTIONS Method Enabled on Panorama, the status show OK.</P><P>curl -k -v -X OPTIONS -x "" <A href="https://10.10.10.10/restapi" target="_blank">https://10.10.10.10/restapi</A></P><P>&nbsp;</P><P>* Mark bundle as not supporting multiuse<BR />&lt; HTTP/1.1 200 OK<BR />&lt; Date: Wed, 27 Apr 2022 02:47:02 GMT<BR />&lt; Content-Type: httpd/unix-directory<BR />&lt; Content-Length: 0<BR />&lt; Connection: keep-alive<BR />&lt; Allow: OPTIONS,GET,HEAD,POST,TRACE<BR />&lt; X-Frame-Options: SAMEORIGIN<BR />&lt; X-XSS-Protection: 1; mode=block;<BR />&lt; X-Content-Type-Options: nosniff<BR />&lt; Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;</P><P>&nbsp;</P><P>But in the gateway Palo Alto its show Bad request.</P><P>curl -k -v -X OPTIONS -x "" <A href="https://10.10.10.11/restapi" target="_blank">https://10.10.10.11/restapi</A></P><P>* schannel: server closed the connection<BR />* Mark bundle as not supporting multiuse<BR />&lt; HTTP/1.1 400 Bad Request<BR />&lt; Date: Wed, 27 Apr 2022 02:48:26 GMT<BR />&lt; Content-Type: text/html<BR />&lt; Content-Length: 1174<BR />&lt; Connection: close</P><P>&nbsp;</P><P>Any idea?</P> Wed, 27 Apr 2022 02:51:19 GMT Teddy_Teddy 2022-04-27T02:51:19Z HTTP OPTIONS Method Enabled on Panorama https://live.paloaltonetworks.com/t5/general-topics/http-options-method-enabled-on-panorama/m-p/482999#M104320 <P>Hi All,</P><P>I got Vulnerability&nbsp;HTTP OPTIONS Method Enabled on Panorama, the status show OK.</P><P>curl -k -v -X OPTIONS -x "" <A href="https://10.10.10.10/restapi" target="_blank">https://10.10.10.10/restapi</A></P><P>&nbsp;</P><P>* Mark bundle as not supporting multiuse<BR />&lt; HTTP/1.1 200 OK<BR />&lt; Date: Wed, 27 Apr 2022 02:47:02 GMT<BR />&lt; Content-Type: httpd/unix-directory<BR />&lt; Content-Length: 0<BR />&lt; Connection: keep-alive<BR />&lt; Allow: OPTIONS,GET,HEAD,POST,TRACE<BR />&lt; X-Frame-Options: SAMEORIGIN<BR />&lt; X-XSS-Protection: 1; mode=block;<BR />&lt; X-Content-Type-Options: nosniff<BR />&lt; Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;</P><P>&nbsp;</P><P>But in the gateway Palo Alto its show Bad request.</P><P>curl -k -v -X OPTIONS -x "" <A href="https://10.10.10.11/restapi" target="_blank">https://10.10.10.11/restapi</A></P><P>* schannel: server closed the connection<BR />* Mark bundle as not supporting multiuse<BR />&lt; HTTP/1.1 400 Bad Request<BR />&lt; Date: Wed, 27 Apr 2022 02:48:26 GMT<BR />&lt; Content-Type: text/html<BR />&lt; Content-Length: 1174<BR />&lt; Connection: close</P><P>&nbsp;</P><P>Any idea?</P> Wed, 27 Apr 2022 02:51:19 GMT https://live.paloaltonetworks.com/t5/general-topics/http-options-method-enabled-on-panorama/m-p/482999#M104320 Teddy_Teddy 2022-04-27T02:51:19Z Re: HTTP OPTIONS Method Enabled on Panorama https://live.paloaltonetworks.com/t5/general-topics/http-options-method-enabled-on-panorama/m-p/483043#M104324 <P>Hi,</P><P>how can I block HTTP method OPTIONS in Panorama? is it possible?</P> Wed, 27 Apr 2022 07:27:13 GMT https://live.paloaltonetworks.com/t5/general-topics/http-options-method-enabled-on-panorama/m-p/483043#M104324 Teddy_Teddy 2022-04-27T07:27:13Z