web.config Allowed Verbs - Sitefinity - General Discussions

All Replies

Posted by Community Admin on 29-Sep-2011 00:00

Hello,

We are being asked by our client's security team to tighten security for the Sitefinity application we are developing for them. One item they wish for us to address is in regards to allowed verbs defined in the web.config file. This is not our area of expertise, and we are not sure where to begin.

We have a couple of questions:

1) What minimum verbs settings does Sitefinity require to function properly?
2) Is there any technical documentation available from Sitefinity regarding the security of their systems? This will be especially important now that an eCommerce module has been released.

Thank you!

John

Posted by Community Admin on 04-Oct-2011 00:00

Hi John,

Well, basically you need the following verbs ALLOWED

GET
HEAD
POST
PUT
DELETE

There are others like OPTIONS,TRACE and CONNECT which are considered more like service verbs and should be allowed anyway.

Unfortunately I don't think there is any specific documention for security released for now.

All the best,
Lubomir Velkov
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

This thread is closed