Manual Chapter : Adding Allowed Methods to a Security Policy

Applies To:

Show Versions Show Versions

BIG-IP ASM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Manual Chapter

Adding allowed methods

All security policies accept standard HTTP methods by default. If your web application uses HTTP methods other than the default allowed methods (GET, HEAD, and POST), you can add them to the security policy.
  1. On the Main tab, click Security > Application Security > Headers > Methods. The Methods screen opens.
  2. In the Current edited policy list near the top of the screen, verify that the edited security policy is the one you want to work on.
  3. Click Create.
  4. For the Method setting, select the type of method to allow:
    • To use an existing HTTP method to act as a GET or POST action, select Predefined then select the system-supplied method to add to the allowed methods list.
    • To add an option that is not predefined, select Custom, and then in the Custom Method field, type the name of a method.
  5. If using flows in the security policy, from the Allowed Method Properties list, select Advanced, then from the Act as Method list, select an option:
    • If you do not expect requests to contain HTTP data following the HTTP header section, select GET.
    • If you expect requests to contain HTTP data following the HTTP header section, select POST.
  6. Click Create.
  7. To put the security policy changes into effect immediately, click Apply Policy.
The method is added to the allowed methods list. The system treats any incoming HTTP request that uses an HTTP method other than an allowed method as an invalid request. The system ignores, learns, logs, or blocks the request depending on the settings configured for the Illegal Method violation on the Application Security: Blocking: Settings screen.