How to enable or disable HTTP methods

Technote (FAQ)


Question

How do you enable or disable HTTP methods for a Lotus® Domino® Web server? The RFC 2616 standard defines eight methods that may be used for HTTP as follows:

  • GET
  • HEAD
  • POST
  • OPTIONS
  • PUT
  • DELETE
  • TRACE
  • CONNECT

The Domino server responds to disallowed methods with an HTTP 405 error, which is Method Not Allowed as defined by the HTTP/1.1 specification. Some security scanning software will recommend disabling certain methods such as TRACE.


Answer

If you are using Internet Sites, you control the allowed methods in the Web Site document. To verify or change the settings, go to the Web Site document - Configuration tab, and review the Allowed Methods section. (The method CONNECT is rarely used and not allowed; therefore it is not listed.) Refer to the screen capture below.


If you are using the Web Configurations view instead of Internet Sites, you can disable HTTP methods by using the notes.ini variable HTTPDisableMethods with a value of the method name. Separate multiple method names using a comma. For example, to disable the TRACE method, you would enter HTTPDisableMethods=TRACE. To disable TRACE and CONNECT, you would enter HTTPDisableMethods=TRACE,CONNECT.

Screen capture of Web Site document:


Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Domino
Web Server

Software version:

7.0, 8.0, 8.5

Operating system(s):

AIX, Linux, OS/400, Solaris, Windows, i5/OS, z/OS

Software edition:

All Editions

Reference #:

1201202

Modified date:

2008-10-09

Translate my page

Machine Translation

Content navigation