<div dir="ltr"><div><div>For me, it looks like PUT and DELETE was something devised to be used, ended up on the RFC, but not widely implemented.<br><br></div>I never saw it working anywhere, and all my servers reply with "HTTP 405 - Method not allowed" when I try PUT or DELETE.<br>
<br>If your systems have PUT and/or DELETE enabled, you should disable them. Or redirect to a honeypot somewhere and have some fun.<br></div>If you redirect, you could send us the results later. I love seeing honeypot logs...<br>
</div><div class="gmail_extra"><br clear="all"><div>Mauro<br><a href="http://mauro.limeiratem.com">http://mauro.limeiratem.com</a> - registered Linux User: 294521<br>Scripture is both history, and a love letter from God.</div>
<br><br><div class="gmail_quote">2014-05-07 11:08 GMT-03:00 William Muriithi <span dir="ltr"><<a href="mailto:william.muriithi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org" target="_blank">william.muriithi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p>Morning,</p>
<p>I am curious to hear what opinion or experience this group has on disabling HTTP put and delete method.</p>
<p>Essentially, last week, I scanned around to see if there is weakness on the systems I support that's exposed to the public. I am looking through the results and it feel like put and delete shouldn't be enabled. The lines below appear across all the systems results </p>
<p>+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server. <br>
+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.</p>
<p>To be sincere I don't see a problem with put and delete from a bit of Googling I have done. Seem you can do the same damage through post that you can execute using put and delete yet, we don't disable the former.</p>
<p>What is your opinion or experience with the two HTTP methods? Would appreciate some enlightenment/criticism here.</p>
<p>Thanks in advance.</p><span class="HOEnZb"><font color="#888888">
<p>William </p>
</font></span></blockquote></div><br></div>