Non-Standard HTTP Verbs Restricted
- Updated on 25 Jan 2024
This constraint is effective in the 2023.2 IAP release.
To support network security policies and provide an additional layer of control, Itential will not accept or process any non-standard HTTP verbs IAP does not require for its operation. Further detail is described in the sections that follow.
Accepted HTTP Verbs
The following set of HTTP verbs will always be accepted in IAP:
GET, POST, PUT, PATCH, HEAD, OPTIONS, DELETE
For any verbs not on this list, Itential has implemented a new property, `allowedHttpOptionalVerbs`, that allows admins to specify an array of optional HTTP verbs IAP can process. By default, non-permitted verbs are blocked from accessing the application. Consequently, IAP will not process any server requests that contain restricted verbs that are not defined ("turned on") in the `allowedHttpOptionalVerbs` property.
Optional HTTP Verbs Allowed
As listed below, there are 26 optional HTTP verbs Itential admins can use. A 405 error ("Method Not Allowed") is returned if the server request uses a verb not on the list.
These verbs must be specified in uppercase format:
ACL, BIND, CHECKOUT, CONNECT, COPY, LINK, LOCK, MERGE, MKACTIVITY, MKCALENDAR, MKCOL, MOVE, M-SEARCH, NOTIFY, PROPFIND, PROPPATCH, PURGE, REBIND, REPORT, SEARCH, SUBSCRIBE, TRACE, UNBIND, UNLINK, UNLOCK, UNSUBSCRIBE
How to Configure Alternate HTTP Verbs
To configure the HTTP verbs that can be used for inbound requests to the IAP server, use `expressProps` in the active IAP profile to configure the `allowedHttpOptionalVerbs` property.
- Log in and navigate to IAP → Administration → Admin Essentials.
- Select the active profile under Profiles.
- Click the Configure tab.
- Select `expressProps` under Edit Profile Properties.
- Update the `allowedHttpOptionalVerbs` property to include the desired verbs from the allowed list above.
- Click Save to finalize your changes.
- Restart IAP.
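The allow-list behaviour described above (always-accepted verbs pass, configured optional verbs pass, everything else gets a 405 before reaching any route) is illustrated here as an added Express-style middleware. This is not Itential's own code; the function names and the dependency-free mock response object are assumptions made so it runs stand-alone, while both verb sets come from this page.

```javascript
// Added illustration of the verb allow-list policy; NOT Itential's
// implementation. Express-style (req, res, next) middleware written from
// scratch so it runs with no dependencies. Verb sets are from the page.
const ALWAYS_ACCEPTED = new Set(['GET', 'POST', 'PUT', 'PATCH', 'HEAD', 'OPTIONS', 'DELETE']);
const OPTIONAL_VERBS = new Set([
  'ACL', 'BIND', 'CHECKOUT', 'CONNECT', 'COPY', 'LINK', 'LOCK', 'MERGE',
  'MKACTIVITY', 'MKCALENDAR', 'MKCOL', 'MOVE', 'M-SEARCH', 'NOTIFY',
  'PROPFIND', 'PROPPATCH', 'PURGE', 'REBIND', 'REPORT', 'SEARCH',
  'SUBSCRIBE', 'TRACE', 'UNBIND', 'UNLINK', 'UNLOCK', 'UNSUBSCRIBE',
]);

// Check a configured allowedHttpOptionalVerbs array at startup: every entry
// must be uppercase and on the optional list. A misspelled or lowercase
// entry is a configuration error, not a silently widened surface.
function validateOptionalVerbs(configured) {
  const bad = configured.filter((v) => !OPTIONAL_VERBS.has(v));
  if (bad.length) throw new Error(`Not an allowed optional verb: ${bad.join(', ')}`);
  return new Set(configured);
}

// Build the middleware. A request whose method is neither always-accepted
// nor explicitly enabled is answered 405 with an Allow header listing what
// is permitted, and next() is never called, so no route handler runs.
function createVerbFilter(configured) {
  const enabled = validateOptionalVerbs(configured);
  const allowHeader = [...ALWAYS_ACCEPTED, ...enabled].join(', ');
  return function verbFilter(req, res, next) {
    if (ALWAYS_ACCEPTED.has(req.method) || enabled.has(req.method)) return next();
    res.set('Allow', allowHeader);
    res.status(405).send('Method Not Allowed');
  };
}

// Minimal stand-in for an Express response (assumed helper) so the filter
// can be exercised offline; reports what the middleware decided.
function decide(filter, method) {
  const res = { statusCode: 200, headers: {}, body: '',
    set(k, v) { this.headers[k] = v; return this; },
    status(c) { this.statusCode = c; return this; },
    send(b) { this.body = b; return this; } };
  let passed = false;
  filter({ method }, res, () => { passed = true; });
  return { passed, status: passed ? undefined : res.statusCode, allow: res.headers.Allow };
}
```

With `['PROPFIND', 'REPORT']` configured, `decide(filter, 'TRACE')` reports a 405 because TRACE, although on the optional list, was not turned on.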
Related Reading
- Express.js Routing Methods
- HTTP Request Methods
- HTTP Verb Tampering
- IANA HTTP Method Registry
- OWASP Test HTTP Methods