All security policies accept standard HTTP methods by default. If your web
application uses HTTP methods other than the default allowed methods (GET, HEAD, and
POST), you can add them to the security policy.
On the Main tab, click
The Methods screen opens.
In the Current edited policy list near the top of the screen,
verify that the edited security policy is the one you want to work on.
For the Method setting, select the type of method to
- To use an existing HTTP method to act as a GET or POST action, select
Predefined then select the system-supplied method
to add to the allowed methods list.
- To add an option that is not predefined, select
Custom, and then in the Custom
Method field, type the name of a method.
If using flows in the security policy, from the Allowed Method
Properties list, select Advanced, then
from the Act as Method list, select an option:
- If you do not expect requests to contain HTTP data following the HTTP
header section, select GET.
- If you expect requests to contain HTTP data following the HTTP header
section, select POST.
To put the security policy changes into effect immediately, click Apply
The method is added to the allowed methods list. The system treats any incoming HTTP
request that uses an HTTP method other than an allowed method as an invalid request. The
system ignores, learns, logs, or blocks the request depending on the settings configured
for the Illegal Method violation on the Application Security: Blocking: