question

Andrew E. avatar image
Andrew E. asked ·

Disabling HTTP Options

Hello,

we are looking to disable HTTP Options on our cluster activegate, per request from our security team as it has raised concerns about potential vulnerabilities. Is there any way that those options can be disabled?

Thanks in advance

Dynatrace Managedactivegate
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Alexander S. avatar image
Alexander S. answered ·

HTTP OPTIONS is necessary for REST API and Real user monitoring (beacon forwarders). The server does not respond with sensitive information, thus is not considered a security vulnerability.

HTTPS OPTIONS method is also a requirement for CORS calls: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Babar Q. avatar image
Babar Q. answered ·

Hello @Andrew E.

You can use ActiveGate properties for the configuration. These properties are applicable for both Environment ActiveGates and Cluster ActiveGates.

Have a look on the below link for more insight.

https://www.dynatrace.com/support/help/deploy-dyna...

Regards,

Babar

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Space Topics