cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Johnrip84
Level 3

Disable HTTP Options FlexNet Publisher License Server Manager 11.14.0.1

Jump to solution

Hi, I am looking to disable the HTTP Methods that are not in use like OPTIONS,  in a FlexNet Publisher License Server Manager 11.14.0.1, adding a file httpConfExtra.conf in lmadmin configuration folder, but with Apache configuration it doesn't work:

<Directory />
AllowOverride none
Require all denied
<LimitExcept POST GET HEAD>
Deny from all
</LimitExcept>
</Directory>

when testing with curl it responds:

bash> curl -i -X OPTIONS http://hostIPx.x.x.:8090
HTTP/1.1 200 OK
Date: Wed, 18 Aug 2021 21:20:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Allow: GET,HEAD,POST,OPTIONS
Content-Length: 0
Content-Type: text/html

Could someone help me?


Thank you.

0 Kudos
(1) Solution

@mrathinam, it works now!!! I have added this line in the httpConfExtra.conf file:

DocumentRoot "web"
<Directory "web">
AllowOverride All
</Directory>

Then I have created a .htaccess file with this content in the web folder:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(OPTIONS)
RewriteRule .* - [F]

After restarting apache it already show me the options method with a 403 Forbidden response:

curl -v -X OPTIONS http://localhost:8090
* Trying 127.0.0.1:8090...
* Connected to localhost (127.0.0.1) port 8090 (#0)
> OPTIONS / HTTP/1.1
> Host: localhost:8090
> User-Agent: curl/7.78.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Date: Fri, 20 Aug 2021 14:47:29 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Content-Length: 202
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>
* Connection #0 to host localhost left intact

 

!thanks for your help¡

View solution in original post

0 Kudos
(6) Replies
mrathinam
Revenera Moderator Revenera Moderator
Revenera Moderator

@Johnrip84  

Or, in httpd.conf and add the following in the respective Directory directive

<Directory />
AllowOverride none
Require all denied
<LimitExcept POST GET HEAD>
Deny from all
</LimitExcept>
</Directory>

Reload Apache, this should work. 

Best Regards,

Mani. 

0 Kudos
Hi @mrathinam, this configuration is lost when apache is restarted, as the note indicates:
"What if one changes the default httpd.conf?

If customizations are done on the httpd.conf that comes along lmadmin as a default file they’ll be applied. However, when they restart the server customizations will be overwritten back to the default form. Taking the route of httpd.conf is not recommended and it’s not a workable solution."

Thanks!
0 Kudos

@mrathinam, it works now!!! I have added this line in the httpConfExtra.conf file:

DocumentRoot "web"
<Directory "web">
AllowOverride All
</Directory>

Then I have created a .htaccess file with this content in the web folder:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(OPTIONS)
RewriteRule .* - [F]

After restarting apache it already show me the options method with a 403 Forbidden response:

curl -v -X OPTIONS http://localhost:8090
* Trying 127.0.0.1:8090...
* Connected to localhost (127.0.0.1) port 8090 (#0)
> OPTIONS / HTTP/1.1
> Host: localhost:8090
> User-Agent: curl/7.78.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Date: Fri, 20 Aug 2021 14:47:29 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Content-Length: 202
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>
* Connection #0 to host localhost left intact

 

!thanks for your help¡

0 Kudos
mrathinam
Revenera Moderator Revenera Moderator
Revenera Moderator

@Johnrip84  I am glad that your problem has been solved now. 

 

0 Kudos

Hi @mrathinam,

From this note I have tested the configuration in a httpConfExtra.conf file, but when add the following lines:

<Directory />
AllowOverride none
Require all denied
<LimitExcept POST GET HEAD>
Deny from all
</LimitExcept>
</Directory>

the service returns an internal error and the log records the following: [Fri Aug 20 07:59:26 2021] [crit] [client 127.0.0.1] configuration error: couldn't perform authentication. AuthType not set!: /dashboard, referer: http://localhost:8091/login

¿should exclude a directory in the rule?

Thanks!

0 Kudos