Hi,

On 22.08.2018 18:48, Xinhuan Zheng wrote:
> Hi Christian,
> 
> For some reason, our target host returns content as if it were getting
> GET requests, not returning an Allow: header. I thought maybe a redirect
> can cause that. I have to figure out how to change the target host
> configuration to disable OPTIONS requests.
> Thanks,
> 
> - xinhuan

OPTIONS requests are mainly used to catch/enumerate the HTTP methods
supported by the remote target, like GET, POST, PUT and so on. If you see
additional requests, I guess most of these might be related to the
following NVT:

Name: Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)
OID: 1.3.6.1.4.1.25623.1.0.112048

but there is also an arbitrary number of other NVTs which might send
OPTIONS requests as well.

Regards,

> On 8/22/18, 12:43 PM, "Christian Fischer"
> <christian.fisc...@greenbone.net> wrote:
> 
>> Hi,
>>
>> On 17.08.2018 18:08, Xinhuan Zheng wrote:
>>> Hello,
>>>
>>> In our recent OpenVAS scan, our host has HTTP service running so the
>>> scanning software tests a lot of URLs. However, in the target host access
>>> log, we saw tons of OPTIONS requests being issued by scanning software.
>>> Per some research, OPTIONS is a type of HTTP request that is pre-flight in
>>> Cross-origin resource. The normal GET request would return a document with
>>> bunch of objects, like json, images, etc. Can I limit OpenVAS not issuing
>>> OPTIONS requests?
>>> Thank you,
>>
>> there is no such possibility included in OpenVAS besides excluding the
>> NVT(s) doing those OPTIONS requests from your scan configuration.
>>
>> Could you elaborate why you want to limit OpenVAS not issuing OPTIONS
>> requests?
>>
>> Regards,
>>
>> --
>>
>> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
>> Greenbone Networks GmbH | https://www.greenbone.net
>> Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
>> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> 
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> 
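An added example, not part of the thread and not OpenVAS code: one way to measure the OPTIONS traffic discussed above from the target's access log, and to spot paths where the server answers OPTIONS with the same body size as a GET. It assumes Apache combined log format; the sample lines, addresses and the `summarize_options` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (combined log format); not taken from the thread.
SAMPLE_LOG = """\
198.51.100.7 - - [22/Aug/2018:12:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Aug/2018:12:00:01 +0000] "GET /api/status HTTP/1.1" 200 87 "-" "Mozilla/5.0"
192.0.2.10 - - [22/Aug/2018:12:05:10 +0000] "OPTIONS /index.html HTTP/1.1" 200 5120 "-" "ExampleScanner/1.0"
192.0.2.10 - - [22/Aug/2018:12:05:11 +0000] "OPTIONS /api/status HTTP/1.1" 200 - "-" "ExampleScanner/1.0"
192.0.2.10 - - [22/Aug/2018:12:05:12 +0000] "OPTIONS /login HTTP/1.1" 405 231 "-" "ExampleScanner/1.0"
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse(log_text):
    """Yield (ip, method, path, status, size) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            size = 0 if m["size"] == "-" else int(m["size"])
            yield m["ip"], m["method"], m["path"], int(m["status"]), size

def summarize_options(log_text):
    """Return (OPTIONS count per client, paths where OPTIONS looks like GET)."""
    entries = list(parse(log_text))
    # Body size of successful GETs per path, used as the comparison baseline.
    get_sizes = {p: s for _, meth, p, st, s in entries if meth == "GET" and st == 200}
    per_client = defaultdict(int)
    served_like_get = set()
    for ip, method, path, status, size in entries:
        if method != "OPTIONS":
            continue
        per_client[ip] += 1
        # Heuristic: the log does not record the Allow header, so an OPTIONS
        # reply with a non-empty body the same size as the GET is the signal.
        if status == 200 and size > 0 and get_sizes.get(path) == size:
            served_like_get.add(path)
    return dict(per_client), sorted(served_like_get)

if __name__ == "__main__":
    counts, suspicious = summarize_options(SAMPLE_LOG)
    print("OPTIONS requests per client:", counts)
    print("Paths answering OPTIONS like GET:", suspicious)
```

A size match is only an indicator; confirming the missing Allow header requires looking at the actual response.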