How to use the CLI to disable HTTP OPTIONS Method for virtual server
Article ID: CTX561170
Description
Some security scan reports recommend disabling the HTTP OPTIONS method on the web server. This article shows how to use a rewrite policy so that requests using the OPTIONS method are not processed.
Instructions
Run the following commands to block the HTTP OPTIONS method on a specific virtual server.
[Sample commands in NetScaler]
add policy patset method_filter
bind policy patset method_filter OPTIONS -index 2
add rewrite policy dont_process "HTTP.REQ.METHOD.EQUALS_ANY(\"method_filter\")" DROP
bind vpn vserver VPN -policy dont_process -priority 100 -gotoPriorityExpression END -type REQUEST
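To confirm the policy took effect, the following added example (not part of the Citrix article) sends a GET baseline and an OPTIONS request to the virtual server and reports whether OPTIONS went unanswered, which is the result the DROP action should produce. The function names, the request path `/` and the 5-second timeout are assumptions of this example.

```python
import http.client
import ssl
import sys


def probe_method(host, port, method, use_tls=True, timeout=5.0):
    """Send one request with the given method; return the HTTP status, or None
    if no response arrived (connection closed, reset or timed out)."""
    if use_tls:
        ctx = ssl.create_default_context()  # certificate verification stays on
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, "/")
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        # Covers timeouts, resets, TLS failures and a close with no status line.
        return None
    finally:
        conn.close()


def check_options_blocked(host, port, **kwargs):
    """Compare OPTIONS against a GET baseline so that an unreachable host is
    not mistaken for a working policy."""
    baseline = probe_method(host, port, "GET", **kwargs)
    options = probe_method(host, port, "OPTIONS", **kwargs)
    if baseline is None:
        return "unreachable"      # nothing can be concluded about the policy
    if options is None:
        return "blocked"          # no response, consistent with the DROP action
    return f"answered:{options}"  # OPTIONS still processed; recheck the binding


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: check_options.py <vserver-host> [port]")
    else:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
        print(check_options_blocked(sys.argv[1], port))
```

A result of `answered:<status>` after applying the commands usually means the policy is bound to a different virtual server than the one being tested.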
Environment
This software application is provided to you as is with no representations, warranties or conditions of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that: (a) the software application may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software application. In no event should the software application be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the software application.
Issue/Introduction
Some security scan reports recommend disabling the HTTP OPTIONS method on the web server. This article describes how to use a rewrite policy to block the HTTP OPTIONS method.