Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
By Anonymous (not verified) on
Our security team ran a web-inspect security scan on our Drupal 7 site and reported that our site is vulnerable to verb tunneling using headers or query parameters such as X-HTTP-Method, X-HTTP-Method-Override, X-Method-Override, or a query parameter such as _method to use an override method to gain access to restricted HTTP methods. Not sure if this is a legitimate vulnerability for drupal 7 or can these kind of HTTP headers for verb tunneling be disabled?. Any response is greatly appreciated. We are using nginx and php-fpm on a Linux server for our Drupal 7 application.
Comments
Tambien en drupal 8
Hello, @srirams.
I am facing the same problem in drupal 8, I have spent a lot of time researching but still can't find a solution. Have you been lucky to resolve the error? To avoid this vulnerability, should I use a configuration on the server or in Drupal?
If anyone else has been able to resolve this error, please comment.
Thank you,