IBM Verify

  • 1.  HTTP Trace Method Disabled not working on Webseal

    Posted Tue October 18, 2022 07:51 AM
    Hi All,

    There are findings from our security team: they checked that our SSO URLs are enabled for the HTTP TRACE method, so we need to remediate it.

    I am already following this documentation, "Disabling HTTP methods - IBM Documentation", but I still get HTTP/1.1 200 OK.

    Is there anything missing from my configuration? I hope you can help with my requirement.

    Thanks.

    Best Regards,
    Julian Fazri

    ------------------------------
    Julian Fazri
    ------------------------------


  • 2.  RE: HTTP Trace Method Disabled not working on Webseal

    Posted Tue October 18, 2022 04:10 PM

    Julian,

     

    To disable the TRACE method you definitely should be able to use the http-method-disabled-local and http-method-disabled-remote configuration entries.  Both entries should be changed to include the 'TRACE' method.  If you feel that you have set these configuration entries correctly I would suggest that you raise a support ticket with IBM so that the support team can investigate further.

     

    Thanks.

     

     

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access

    IBM Master Inventor


  • 3.  RE: HTTP Trace Method Disabled not working on Webseal

    Posted Tue October 18, 2022 09:20 PM
    Hi Scott,

    Yes, I already set the TRACE value on the http-method-disabled-remote and http-method-disabled-local parameters, but I can still do the trace. I set it in the [server] stanza. Should I add those parameters to another stanza?

    Thanks

    ------------------------------
    Julian Fazri
    ------------------------------



  • 4.  RE: HTTP Trace Method Disabled not working on Webseal

    Posted Tue October 18, 2022 09:32 PM

    Julian,

     

    This should be working for you – you only need to set those configuration entries on the server stanza.  I would suggest that you raise a ticket with IBM support and get them to investigate further.

     

    Thanks.

     

     

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access

    IBM Master Inventor
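
One way to re-check the finding after changing `http-method-disabled-local` and `http-method-disabled-remote`, as an added example that is not from the thread or from IBM: the probe sends a single TRACE request carrying a marker header and reports the method as enabled if the response is 2xx or reflects the marker. The function names, the `X-Trace-Probe` header and the two local stand-in servers are constructed for illustration, and no particular rejection status is assumed because the thread does not state what WebSEAL returns for a disabled method.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE = ("X-Trace-Probe", "probe-1234")  # constructed marker header

def probe_trace(host, port, path="/", use_tls=False, timeout=5):
    """Send one TRACE request and report whether the server still honours it."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", path, headers=dict([PROBE]))
        resp = conn.getresponse()
        body = resp.read().decode("latin-1", "replace")
    finally:
        conn.close()
    echoed = PROBE[1] in body  # a working TRACE reflects the request back
    return {"status": resp.status, "echoed": echoed,
            "trace_enabled": 200 <= resp.status < 300 or echoed}

class NoTrace(BaseHTTPRequestHandler):
    """Constructed stand-in with no TRACE handler; http.server answers 501."""
    def log_message(self, *args):  # keep the demo output clean
        pass

class EchoTrace(NoTrace):
    """Constructed stand-in for a server where TRACE is still enabled."""
    def do_TRACE(self):
        body = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def run_demo():
    results = {}
    for name, handler in (("enabled", EchoTrace), ("disabled", NoTrace)):
        srv = HTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            results[name] = probe_trace("127.0.0.1", srv.server_port)
        finally:
            srv.shutdown()
            srv.server_close()
    return results

if __name__ == "__main__":
    print(run_demo())
```

Against the real reverse proxy, call `probe_trace` with `use_tls=True` once for a path served locally and once for a path behind a junction, since the two configuration entries are set separately.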
