1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / web.config Allowed Verbs

web.config Allowed Verbs

2 posts, 0 answered
  1. John
    John avatar
    61 posts
    Registered:
    08 Jun 2012
    29 Sep 2011
    Link to this post
    Hello,

    We are being asked by our client's security team to tighten security for the Sitefinity application we are developing for them. One item they wish for us to address is in regards to allowed verbs defined in the web.config file. This is not our area of expertise, and we are not sure where to begin.

    We have a couple of questions:

    1) What minimum verbs settings does Sitefinity require to function properly?
    2) Is there any technical documentation available from Sitefinity regarding the security of their systems? This will be especially important now that an eCommerce module has been released.

    Thank you!

    John
  2. Lubomir Velkov
    Lubomir Velkov avatar
    688 posts
    Registered:
    03 Nov 2014
    04 Oct 2011
    Link to this post
    Hi John,

    Well, basically you need the following verbs ALLOWED

    GET
    HEAD
    POST
    PUT
    DELETE

    There are others like OPTIONS,TRACE and CONNECT which are considered more like service verbs and should be allowed anyway.

    Unfortunately I don't think there is any specific documention for security released for now.

    All the best,
    Lubomir Velkov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
2 posts, 0 answered