allowed-features
This command specifies the methods and versions to allow in incoming HTTP requests.
Syntax
allowed-features features
Parameters
- features
- Specifies the list of features to allow in requests. Concatenate features with the
+character.CmdExe- Allow requests that contain cmd.exe in the URL.
CustomMethods- Allow requests with any other method, which supports protocol extensions.
DELETE- Allow
DELETEmethods in requests. DotDot- Allow requests that contain
..in the URL. FragmentIdentifiers- Allow requests that contain
#in the URL. GET- Allow
GETmethods in requests.- When you allow the
GETmethod, you must allow at least one HTTP version. - When you allow WebSocket upgrade with the websocket-upgrade command, you must
allow the
GETmethod.
- When you allow the
HEAD- Allow
HEADmethods in requests. HTTP-1.0- Support HTTP/1.0 requests.
HTTP-1.1- Support HTTP/1.1 requests.
HTTP-2.0- Support HTTP/2 requests.
OPTIONS- Allow
OPTIONSmethods in requests. PATCH- Allow
PATCHmethods in requests. POST- Allow
POSTmethods in requests. PUT- Allow
PUTmethods in requests. QueryString- Allow requests that contain
?in the URL. TRACE- Allow
TRACEmethods in requests.
Guidelines
The allowed-features command specifies the methods and versions to
allow in incoming HTTP requests. The handler accepts HTTP requests that contain any of the allowed
features. If the feature is not in the list, the handler rejects the request. By default, this
handler supports the following features.
FragmentIdentifiersHTTP-1.0HTTP-1.1POSTPUTQueryString
Examples
- Limit requests to the
POSTmethod with the HTTP/1.0 and HTTP/1.1 protocol versions. The URL can contain query parameters.# allowed-features POST+HTTP-1.0+HTTP-1.1+QueryString - Limit requests to the
GET,POST, andPUTmethods with the HTTP/1.0, HTTP/1.1, and HTTP/2 protocol versions. The URL can contain query parameters. Requests with theGETmethod support WebSocket upgrade.# allowed-features GET+POST+PUT+HTTP-1.0+HTTP-1.1+HTTP-2.0+QueryString # websocket-upgrade on