Jeff Sanders Technical Blog

I am a Microsoft employee that has worked on all aspects of the Web Stack for a long time. I hope these blogs are useful to you! Use this information at your own risk.


How To Deny Http Methods Or Verbs In Azure Web Apps

- 20 Sep 2016

If you want to deny HTTP methods or verbs in Azure Web Apps, you can do this by changing your web.config file.

Add the following to the web.config file of your Azure Web App, creating the sections if they do not exist:

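    <system.webServer>
      <validation validateIntegratedModeConfiguration="false" />
      <modules runAllManagedModulesForAllRequests="true" />
      <handlers>
        <!-- Return 405 Method Not Allowed for the listed verbs on every path -->
        <add name="DenyOTH" verb="OPTIONS,TRACE,HEAD" path="*" type="System.Web.HttpMethodNotAllowedHandler" />
      </handlers>
    </system.webServer>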

Once you add this, any request that uses an HTTP verb in the verb list (in this case “OPTIONS,TRACE,HEAD”) will receive the response 405 Method Not Allowed.
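To confirm the rule took effect after deployment, the check below sends one request per verb and reports any denied verb that did not come back as 405, while also confirming GET still succeeds. It is an added example, not code from the original post; `probe`, `not_denied` and the local stub server are hypothetical names, and the stub is constructed so the check runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

DENIED = ("OPTIONS", "TRACE", "HEAD")  # verb list from the handler entry above

def probe(host, port, verbs, path="/", use_tls=False):
    """Send one request per verb and return {verb: HTTP status code}."""
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    results = {}
    for verb in verbs:
        conn = conn_cls(host, port, timeout=10)
        try:
            conn.request(verb, path)
            resp = conn.getresponse()
            resp.read()  # drain the body so the connection closes cleanly
            results[verb] = resp.status
        finally:
            conn.close()
    return results

def not_denied(results, denied=DENIED):
    """Verbs that should be denied but did not come back as 405."""
    return [v for v in denied if results.get(v) != 405]

class _StubApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the web app: 405 for DENIED verbs, 200 for GET."""
    def _reply(self, code):
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_GET(self):
        self._reply(200)
    def do_OPTIONS(self):
        self._reply(405)
    do_TRACE = do_HEAD = do_OPTIONS
    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Probe the local stub server and return the status code for each verb."""
    server = HTTPServer(("127.0.0.1", 0), _StubApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", server.server_port, ("GET",) + DENIED)
    finally:
        server.shutdown()
        server.server_close()
```

To check your own site, call `probe` with its host name, port 443 and `use_tls=True`, then pass the result to `not_denied`.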

 

Let me know if this helped you out!

Also, see this blog post for removing headers: Remove ‘Server’ and ‘X-Powered-By’ headers from your Azure Mobile Apps
