Block TRACE, PUT, DELETE and OPTIONS HTTP methods

How to remove TRACE, PUT, DELETE, and OPTIONS HTTP methods.

Product: LoadMaster.

Version: Any.

Platform: Any.

Application: Any.

We want the LoadMaster to block TRACE, PUT, OPTIONS and DELETE HTTP methods for a VIP and only allow HEAD, POST, and GET HTTP methods.

• We'd need two SubVS's to achieve this, one to allow GET, POST, and HEAD and another to deny any other HTTP Method such as DELETE, PUT, OPTIONS, and TRACE.
• We create the SubVS's by going to Modify on the Virtual Service > Real Servers (if any servers are added, these need to be deleted to be able to add SubVS's) > Add SubVS ...
• Then, we create a content rule using method as the header field and the actual methods as the match string as shown below:

Rule Name: allowed_METHODS

Rule Type: Content Matching

Match Type: Regular Expression

Header Field: method

Match string: /GET|POST|HEAD/

• Then, we go to the VIP > Advanced Properties > Enable Content Switching and add the rules we just created under SubVS > rules to the SubVS that will have the Real Servers. The second SubVS will be assigned with the default rule to catch any other HTTP method.
• One the SubVS with the default rule, we go to Advanced Properties > Error Code > Set to 401 Unathorized. The logic is that if a method other than GET, POST, or HEAD is sent to the VIP, a 401 HTTP response will be returned.

This can be tested with the following command:

curl -X PUT https://<FQDN> -d "TEST"

curl -X DELETE https://<FQDN>

NOTE: TRACE is not accepted by the LM and we return a 501.

2022-07-05T15:26:29+00:00 aalcantara-HA1 kernel: L7: ffff888072ed7040: Parse_http_header: Invalid method TRACE
2022-07-05T15:26:29+00:00 aalcantara-HA1 kernel: L7: badrequest-select_conn [10.0.16.204:61328->10.1.116.200:80] (-501): TRACE ? , 0 [hlen 146, nhdrs 5]
2022-07-05T15:26:29+00:00 aalcantara-HA1 kernel: L7: ffff888072ed7040: Send error(-501) HTTP/1.1 501 Invalid Request 

https://support.kemptechnologies.com/hc/en-us/articles/5143451528077-Content-Rules