How to restrict HTTP Methods


How can I restrict HTTP methods to those required by the MOSS07 application(s) using IIS6?


This is what was written in the document

IIS6 should be used to restrict HTTP methods to those required by the MOSS07 application(s).

I also searched some books and saw something curious in O'Reilly's Sharepoint 2007 by James Pyles and others.

There is no real suppported way to use HTTP POST and HTTP GET because of the web.config settings and the static definition of the WSDL. In the web.config

 <remove name="HttpGet">
 <remove name="HttpPost">
 <remove name="HttpPostLocalHost">
 <add name="Documentation">

If we do this in the Web.Config file, would it solve the problem?

Best Answer

One way of doing this is to put your web-server behind a reverse-proxy and restrict the HTTP methods in the reverse-proxy. It is possible to compile pound and run it on Windows/Cygwin and pound can already do this automatically. However, it should not be too difficult to write a simple socket programme to do this in your favourite language..