ISA Server 2004+ allows you to configure "allowed / denied methods" in any rule for which the web proxy is involved; effectively nullifying this attack.
..of course, this requires the web devs to communicate the minimum required methods for their site ...
ISA Server 2004+ allows you to configure "allowed / denied methods" in any rule for which the web proxy is involved; effectively nullifying this attack.
..of course, this requires the web devs to communicate the minimum required methods for their site ...
[ more ]