Share via

Insecure "OPTIONS" HTTP Method Enabled issue

May 1 Reputation point
2021-08-20T02:39:16.65+00:00

Hi MS support,

Our Sharepoint site (SP2013) is undergoing security vulnerabilities scan and we have landed on a "Insecure "OPTIONS" HTTP Method Enabled" issue. The recommended fix is to disable WebDAV enabled on the server. However this solution is not feasible as WebDAV is required on the server for mapping network drives.

Are there alternate solution to resolve this issue?
It will be great if any official article from Microsoft can help.

Thank you,
May

Microsoft 365 and Office SharePoint Server Development
Windows for business Windows Server Devices and deployment Configure application groups
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Allen Xu_MSFT 13,861 Reputation points
    2021-08-20T07:42:29.59+00:00

    Hi @May ,

    How about disabling "OPTIONS" HTTP method on IIS Web Server? As per my test, I disabled it and I can still map network drives. Please take a reference to the following steps to disable "OPTIONS" HTTP method.

    • Open IIS Manager.
    • Click the server name.
    • Double click on Request Filtering.
      124957-image.png
    • Go to HTTP Verbs tab.
    • On the right side, click Deny Verb.
    • Type OPTIONS. Click OK.
      124982-image.png

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.