{"description": "Web server methods are defined in section 9 of RFC 2616 (\n    <a xmlns='http://www.w3.org/1999/xhtml' href='http://www.ietf.org/rfc/rfc2616.txt'>http://www.ietf.org/rfc/rfc2616.txt</a>).\nIf a web server does not require the implementation of all available methods,\nthey should be disabled.\n<br /><br />\nNote: <tt>GET</tt> and <tt>POST</tt> are the most common methods. A majority of the others\nare limited to the WebDAV protocol.\n<pre>&lt;Directory /var/www/html&gt;\n# ...\n   # Only allow specific methods (this command is case-sensitive!)\n   &lt;LimitExcept GET POST&gt;\n      Order allow,deny\n   &lt;/LimitExcept&gt;\n# ...\n&lt;/Directory&gt;</pre>", "rationale": "Minimizing the number of available methods to the web client reduces risk\nby limiting the capabilities allowed by the web server.", "severity": "unknown", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Limit Available Methods", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml", "template": null}