Hi Christian, For some reason, our target host returns content as if they were getting GET requests, not returning Allow: header. I thought it may be redirect can cause that. I have to figure out how to change target host configuration to disabling OPTIONS requests. Thanks,
- xinhuan On 8/22/18, 12:43 PM, "Christian Fischer" <christian.fisc...@greenbone.net> wrote: >Hi, > >On 17.08.2018 18:08, Xinhuan Zheng wrote: >> Hello, >> >> In our recent OpenVAS scan, our host has HTTP service running so the >> scanning software tests a lot of URLs. However, in the target host >>access >> log, we saw tons of OPTIONS requests being issued by scanning software. >> Per some research, OPTIONS is a type of HTTP request that is pre-flight >>in >> Cross-origin resource. The normal GET request would return a document >>with >> bunch of objects, like json, images, etc. Can I limit OpenVAS not >>issuing >> OPTIONS requests? >> Thank you, > >there is no such possibility included in OpenVAS besides excluding the >NVT(s) doing those OPTIONS requests from your scan configuration. > >Could you elaborate why you want to limit OpenVAS not issuing OPTIONS >requests? > >Regards, > >-- > >Christian Fischer | PGP Key: 0x54F3CE5B76C597AD >Greenbone Networks GmbH | https://www.greenbone.net >Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 >Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
