Limiting http methods to specific URLs

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Limiting http methods to specific URLs

L0 Member

Has anyone had luck limiting http methods like PUT to limited URLs? For example, limiting a PUT to but not to ? I've created a custom vulnerability that allows the http-method (http-req-header length > 0 which http-method=PUT) in a custom vulnerability but I am having trouble limiting it to the host only portion or the URL/URI. Not sure if this should be further defined in the custom vulnerability, URL category, or just as an fqdn address object? I am trying to think that if I have a use case in the future to allow to but not would it be the same solution?


L7 Applicator

You should try using a targeted security policy with a Custom URL entry to match the URN of interest in the Service/URL Category tab of the Security Policy Rule. You will then apply the restrictive Vulnerability Protection Profile with an Exception set to block on your Custom Vulnerability Signature. Note that given that these are HTTP(S) resources, this is dependent on successful TLS decryption.

Thanks, any idea what the terminating character for the custom URL would be? For instance, how would one limit to only the top level meaning but not grant access to,, or*

you can block a single URL if you use a literal URL for the policy and no special characters such as asterisk tailing the string, so just put in and no "*" at the end.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!