Insecure "OPTIONS" HTTP Method Enabled issue

May 1 Reputation point
2021-08-20T02:39:16.65+00:00

Hi MS support,

Our Sharepoint site (SP2013) is undergoing security vulnerabilities scan and we have landed on a "Insecure "OPTIONS" HTTP Method Enabled" issue. The recommended fix is to disable WebDAV enabled on the server. However this solution is not feasible as WebDAV is required on the server for mapping network drives.

Are there alternate solution to resolve this issue?
It will be great if any official article from Microsoft can help.

Thank you,
May

SharePoint Server Development
SharePoint Server Development
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Development: The process of researching, productizing, and refining new or existing technologies.
1,577 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,746 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Allen Xu_MSFT 13,781 Reputation points
    2021-08-20T07:42:29.59+00:00

    Hi @May ,

    How about disabling "OPTIONS" HTTP method on IIS Web Server? As per my test, I disabled it and I can still map network drives. Please take a reference to the following steps to disable "OPTIONS" HTTP method.

    • Open IIS Manager.
    • Click the server name.
    • Double click on Request Filtering.
      124957-image.png
    • Go to HTTP Verbs tab.
    • On the right side, click Deny Verb.
    • Type OPTIONS. Click OK.
      124982-image.png

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.