I am trying to disable HTTP OPTIONS for security reasons in i-MSCP 1.3.16 (Build: 20170107).
If I drop a
- # curl -i -X OPTIONS http://139.1.x.xHTTP/1.1 200 OKDate: Fri, 05 May 2017 10:25:16 GMTServer: ApacheStrict-Transport-Security: max-age=31536000; includeSubDomainX-Frame-Options: sameoriginX-Content-Type-Options: nosniffAllow: GET,HEAD,POST,OPTIONSX-Frame-Options: sameoriginContent-Length: 0Content-Type: text/html
The "Allow" for OPTIONS should not be displayed.
So I added the following lines to /etc/apache2/imscp/mydomain.com.conf
and reloaded my Apache.
Additionally, I added a .htaccess with the same content in my document root.
Noting changed so far.
Any help would be appreciated. Thanx !