一、Apache 使用Apache的重寫規則來禁用Options方法和Trace方法 在Apache配置文件httpd-conf中【vhosts-conf】添加以下代碼： 單獨禁用Trace方法： ~~~ RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK） RewriteRule .* - [F] ~~~ 單獨禁用Options方法： ~~~ RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(OPTIONS) RewriteRule .* - [F] ~~~ 同時禁用Trace方法和Options方法 ~~~ RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) RewriteRule .* - [F] <VirtualHost *:80> DocumentRoot "D:\wwwroot" ServerName www.abc.com ServerAlias abc.com <Directory "D:\wwwroot"> Options FollowSymLinks ExecCGI AllowOverride All Order allow,deny Allow from all Require all granted RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) RewriteRule .* - [F] </Directory> </VirtualHost> ~~~ 二、Nginx 在你要屏蔽的虛擬主機的server段里加入下面代碼： ~~~ if ($request_method !~* GET|POST) { return 403; } ~~~ 重啟nginx，這樣就屏蔽GET、POST、之外的HTTP方法 三、Tomcat web.xml(url下禁用的請求方式) ~~~ <security-constraint> <web-resource-collection> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> </web-resource-collection> <auth-constraint> </auth-constraint> </security-constraint> ~~~ 四、IIS 1、禁用WebDAV功能 2、web.config 在節點下添加如下代碼： ~~~ <system.webServer> <security> <requestFiltering> <verbs allowUnlisted="false"> <add verb="GET" allowed="true"/> <add verb="POST" allowed="true"/> <add verb="HEAD" allowed="true"/> </verbs> </requestFiltering> </security></system.webServer> ~~~ 以上代碼只允許開啟GET、POST和HEAD方法 3、IIS 里面有個請求篩選，hTTP謂詞 OPTIONS False 作者：0ne0ne 鏈接：https://www.jianshu.com/p/da021be820e3 來源：簡書 簡書著作權歸作者所有，任何形式的轉載都請聯系作者獲得授權并注明出處。