Method
METHODS
Manage Methods
[TEMPLATE] > [METHODS]
Defines and manages HTTP Methods to be controlled in security policies. Registered methods are utilized as allow or block rules in the Method Policy of the Domain Security Policy.
The major policies where method settings are applied are as follows:
| Template | Security Policy Tab | Detailed Policy |
|---|---|---|
| Method | Domain Security Policy | Method Policy |
ADD METHOD
[TEMPLATE] > [METHODS] > [ADD]
Adds a new method. Click the [ADD] button, enter the information, and click [SAVE]. The added method is recorded in the audit log.
| Item | Description |
|---|---|
| Name | Enter the method name. (Max 50 characters) |
| Type | Select the method inspection type. • Allow Request: General HTTP Request (Default) • WebDAV: WebDAV Extended Method |
| Description | Enter a detailed description for the method. |
EDIT METHOD
[TEMPLATE] > [METHODS] > (Select Method) > [EDIT]
Modifies registered method information. Select the method from the list and click [EDIT]. Change the information and click [SAVE] to complete the modification. A relevant audit log is created.
REMOVE METHOD
[TEMPLATE] > [METHODS] > (Select Method) > [REMOVE]
Deletes a registered method. Select the method to delete and click [REMOVE].
Danger
Methods currently in use by a security policy cannot be deleted.
To delete, you must first disable or remove the security policy (Method Policy) referencing that method.
A relevant audit log is created upon deletion.
Description of Major HTTP Methods
Descriptions of HTTP methods commonly used for web server security management.
| Item | Description |
|---|---|
| GET | Used to retrieve (Read) data from the server. Requests the resource identified by the Request-URI. If conditional headers (If-Modified-Since, etc.) are included, data is transferred only if there are changes. |
| HEAD | Identical to GET, but requests only the header information without the response body. Used to check for resource existence, modification status, metadata, etc. |
| POST | Used to submit data to the server to create a resource or request processing. Commonly used for posting on bulletin boards, form data transmission, DB updates, etc. |
| DELETE | Requests the deletion of a specific resource on the server. As it can be a security risk, it is usually disabled or strictly controlled by default on most web servers. |
| OPTIONS | Retrieves the options (supported methods, etc.) available for communication with the target resource. Used to check server functionality or settings without requesting actual data. |
| PROPFIND | A WebDAV (Web Distributed Authoring and Versioning) method used to retrieve the properties and structure (e.g., file list) of a resource. |
| PUT | Used to store or modify documents on the server. Stores the data (Entity) included in the request to the specified URI. If a resource exists at that location, it replaces it; otherwise, it creates a new one. |
| TRACE | Traces the path of the request message to the server (Loop-back). The server returns the received request as is. Primarily used for network diagnosis or debugging, but blocking is recommended due to the risk of Cross-Site Tracing (XST) attacks. |
| TRACK | Used for debugging purposes similar to TRACE, but rarely used in general web service environments and recommended to be blocked for security. |