Information
For normal web server operation, only the GET and POST request methods are needed. These allow downloading web pages and uploading any type of basic form submission information. The LimitExcept directive can be used to limit the methods allowed by the web server. HEAD requests are included with GET requests when using the LimitExcept directive. The LimitExcept directive works well for all methods except TRACE.
NOTE - User must check output for 'deny from all'
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Edit the httpd.conf file and add the following inside the document root directory stanza:
<LimitExcept GET POST>
deny from all
</LimitExcept>
A sample conf file would look like:
<Directory '/var/www'>
Options -FollowSymLinks -Indexes -Includes -MultiViews
<LimitExcept GET POST>
deny from all
</LimitExcept>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
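The manual check for 'deny from all' can be scripted. The following is an added example, not part of the benchmark or of Nessus: it reports, for each Directory stanza, whether a LimitExcept block restricted to GET and POST with 'deny from all' is present. The function name audit_limitexcept and the sample configurations are constructed for illustration, and the line-based parse assumes one directive per line and does not follow Include directives.

```python
import re
# Constructed sample configurations for illustration, not from a real server.
COMPLIANT = """\
<Directory "/var/www">
    <LimitExcept GET POST>
        deny from all
    </LimitExcept>
</Directory>
"""
NONCOMPLIANT = """\
<Directory "/var/www">
    <LimitExcept GET POST PUT>
        deny from all
    </LimitExcept>
</Directory>
<Directory "/srv/app">
    AllowOverride None
</Directory>
"""

OPEN_TAG = re.compile(r"<\s*(Directory|LimitExcept)\s+([^>]*)>", re.I)
CLOSE_TAG = re.compile(r"<\s*/\s*(Directory|LimitExcept)\s*>", re.I)
DENY_ALL = re.compile(r"deny\s+from\s+all\s*$", re.I)

def audit_limitexcept(conf_text, allowed=("GET", "POST")):
    """Map each <Directory> path to 'ok' or to the reason it fails the check."""
    findings, directory, methods, denied = {}, None, None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        opened, closed = OPEN_TAG.match(line), CLOSE_TAG.match(line)
        if opened and opened.group(1).lower() == "directory":
            directory = opened.group(2).strip().strip("'\"")
            findings[directory] = "no LimitExcept block"
        elif opened and directory is not None:    # <LimitExcept ...> in a stanza
            methods, denied = set(opened.group(2).split()), False
        elif closed and closed.group(1).lower() == "limitexcept" and methods is not None:
            extra = methods - set(allowed)        # methods exempted beyond GET/POST
            if extra:
                findings[directory] = "extra methods exempted: " + ",".join(sorted(extra))
            else:
                findings[directory] = "ok" if denied else "missing 'deny from all'"
            methods = None
        elif closed:                              # </Directory>
            directory = None
        elif methods is not None and DENY_ALL.match(line):
            denied = True
    return findings
```

Pass the contents of httpd.conf as conf_text; any value other than 'ok' identifies a stanza that needs the LimitExcept block from the solution above.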