...

HTTP methods such as PUT, DELETE, PATCH, and TRACE can expose the backend server to critical security issues and potentially allow unauthorized attackers to upload or delete files on the backend server. Disabling these methods in the gateway server helps enhance server security.

...

Configure HTTP Method in eStudio Profile Manager

To disable HTTP methods, perform the following actions in eStudio after shutting down the gateway server:

  1. Open the AGS profile in the Profile Management perspective.

  2. Go to APIGateway > Fiorano > APIGateway > Jetty > PeerAPIManagementJetty.

  3. Provide a value in the following format to the DisableHttpMethods property:

    /debug/*:MethodName1,MethodName2;/*:MethodName1,MethodName2

    Multiple methods for a path are separated by commas, and the path entries are separated by a semicolon. The path entries are the following:

    • /* blocks methods
    • /debug/* blocks methods in debugged projects

  4. Save the profile (CTRL+S) and start the gateway server.
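
A pre-save check for the DisableHttpMethods value from step 3, as an added example (not Fiorano code). The function names and the strict validation rules (no stray semicolons, uppercase method names, no repeated path pattern) are assumptions of this example; the gateway's own parsing behaviour is not documented on this page.

```python
# Added example: lint a DisableHttpMethods value before saving the profile.
# Function names and validation rules are assumptions, not Fiorano's code.

KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "PATCH",
                 "OPTIONS", "TRACE", "CONNECT"}
# Methods this page recommends disabling.
RECOMMENDED = ("PUT", "DELETE", "PATCH", "TRACE")


def parse_disable_http_methods(value):
    """Parse 'path:M1,M2;path:M1,M2' into {path: set(methods)}.

    Raises ValueError on entries that do not fit the documented format.
    """
    rules = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            raise ValueError("empty entry (stray ';' or empty value)")
        path, sep, methods = entry.rpartition(":")
        path = path.strip()
        if not sep or not path.startswith("/"):
            raise ValueError(f"expected '/path:METHOD,...' but got {entry!r}")
        # HTTP method tokens are case-sensitive, so 'put' is flagged, not fixed.
        names = [m.strip() for m in methods.split(",")]
        unknown = [m for m in names if m not in KNOWN_METHODS]
        if unknown:
            raise ValueError(f"unknown or empty method in {entry!r}: {unknown}")
        if path in rules:
            raise ValueError(f"path pattern listed twice: {path!r}")
        rules[path] = set(names)
    return rules


def missing_recommended(rules):
    """Return {path: [recommended methods not listed]} for incomplete entries."""
    gaps = {}
    for path, methods in rules.items():
        absent = [m for m in RECOMMENDED if m not in methods]
        if absent:
            gaps[path] = absent
    return gaps


# Constructed sample value in the documented format; /* omits PATCH on purpose.
SAMPLE = "/debug/*:PUT,DELETE,PATCH,TRACE;/*:PUT,DELETE,TRACE"

if __name__ == "__main__":
    print(missing_recommended(parse_disable_http_methods(SAMPLE)))
```
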

...

Test the response in Fiorano API Dashboard

To confirm whether the settings are applied to the gateway server configuration, perform the following actions in Fiorano Dashboard:

...
