Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
If you want to deny HTTP methods or verbs in Azure Web Apps you can do this be changing your web.config file.
Add the following or create the following sections if they do not exist in your <configuration> section of your Azure Web App, web.config file:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true" />
<handlers>
<add name="DenyOTH" verb="OPTIONS,TRACE,HEAD" path="*" type="System.Web.HttpMethodNotAllowedHandler" />
</handlers>
</system.webServer>
Once you add this, the response to any HTTP Verb in the verb list (in this case "OPTIONS,TRACE,HEAD") will result in a response: 405 Method Not Allowed.
Let me know if this helped you out!
Also, see this blog post for removing headers: Remove ‘Server’ and ‘X-Powered-By’ headers from your Azure Mobile Apps
- Anonymous
September 22, 2016
Thanks Jeff to share this