Q&A: What additional HTTP Request methods are expected? (WAF Tech Questionnaire)

Question

What additional HTTP Request methods are expected? 

Environment

• WAF Policy

Answer

Defaults are GET, POST, and HEAD

Additionally, you may want to allow:

• OPTIONS (generally for CORS)
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
• PUT, DELETE, PATCH (generally for API or file hosting)
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PUT
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/DELETE
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PATCH
• CONNECT
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT
• TRACE
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/TRACE

Related Content

• Q&A: What is CORS? How Can Silverline Setup CORS policy?
• Adding Allowed Methods to a Security Policy
• Q&A: What are Best practices for configuring WAF Policy for API (REST) endpoint?
• https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods