https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468496#M1304598 <HTML><HEAD></HEAD><BODY><P>Thanks,</P><P>I can't&nbsp; back, and install IIS, because the client doesn't want it.</P><P><IMG src="https://community.qlik.com/legacyfs/online/emoticons/sad.png" /></P><P> The IT security department ran a test and wrote me this, </P><P></P><P>Insecure HTTP methods like PUT, DELETE, TRACE, OPTIONS, MKDIR, CONNECT, RMDIR, PROPATCH, COPY, LOCK. Are enabled. Or at least one of them.</P><P></P><P>Vulnerability risks.</P><P>"the attacker could use any of these HTTP methods to query, create, delete files within the server, as well as the ability to upload a file Shell and complete information about the server."</P></BODY></HTML> Tue, 29 Jan 2013 23:04:41 GMT 2013-01-29T23:04:41Z https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468493#M1304593 <HTML><HEAD></HEAD><BODY><P>Hi friends, hope all of you are fine.</P><P></P><P>This time I have an issue about the HTTP Methods, a client, run some vulnerabilties test in QV Server, and found some non safe methods (<SPAN style="font-size: 10.0pt; font-family: 'Calibri','sans-serif'; color: #1d1b11;">PUT, DELETE, TRACE, OPTIONS, MKDIR, CONNECT, RMDIR, PROPATCH, COPY, LOCK</SPAN>)</P><P> he ask me if we can close it or disable it.</P><P></P><P>Does QVWS, use those methods ? if so, does exist a Qliktech technical document, that support the use of those. ?</P><P></P><P></P><P>Or how can I disable that methods.!?</P><P></P><P>Actually, we are using Qlikview Web server.</P><P></P><P>Any help , will be appreciate it.</P><P></P><P>Thanks in advance.</P><P>Karim</P></BODY></HTML> Mon, 26 Jan 2026 18:19:17 GMT https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468493#M1304593 2026-01-26T18:19:17Z https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468494#M1304595 <HTML><HEAD></HEAD><BODY><P>You should probably try using IIS as a webserver as it will probably be easier to configure.</P></BODY></HTML> Tue, 29 Jan 2013 17:20:27 GMT https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468494#M1304595 danielrozental 2013-01-29T17:20:27Z https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468495#M1304597 <HTML><HEAD></HEAD><BODY><P>It seems that sending an http request to qlikview webserver with another verb than GET or POST always results in "&lt;result&gt;&lt;message text='Empty Request'/&gt;&lt;/result&gt;" responses.</P><P>I do not understand what you want to do, how could that be a security problem?</P></BODY></HTML> Tue, 29 Jan 2013 17:27:57 GMT https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468495#M1304597 2013-01-29T17:27:57Z https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468496#M1304598 <HTML><HEAD></HEAD><BODY><P>Thanks,</P><P>I can't&nbsp; back, and install IIS, because the client doesn't want it.</P><P><IMG src="https://community.qlik.com/legacyfs/online/emoticons/sad.png" /></P><P> The IT security department ran a test and wrote me this, </P><P></P><P>Insecure HTTP methods like PUT, DELETE, TRACE, OPTIONS, MKDIR, CONNECT, RMDIR, PROPATCH, COPY, LOCK. Are enabled. Or at least one of them.</P><P></P><P>Vulnerability risks.</P><P>"the attacker could use any of these HTTP methods to query, create, delete files within the server, as well as the ability to upload a file Shell and complete information about the server."</P></BODY></HTML> Tue, 29 Jan 2013 23:04:41 GMT https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468496#M1304598 2013-01-29T23:04:41Z https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468497#M1304601 <HTML><HEAD></HEAD><BODY><P>It sounds like a boilerplate security review question. I would ask support or your salesep for the "standard response" from Qliktech. </P><P></P><P>As jgeorge pointed out, usng any other verb does nothing useful and returns a standard result. The IT security dept is probably reacting to the fact that the server did not reject those requests. But they overlooked the fact the server does nothing useful with those requests. </P><P></P><P>-Rob</P></BODY></HTML> Wed, 30 Jan 2013 00:12:01 GMT https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468497#M1304601 rwunderlich 2013-01-30T00:12:01Z https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468498#M1304604 <HTML><HEAD></HEAD><BODY><P>Did u get correct solution? Anybody?</P></BODY></HTML> Fri, 26 Jun 2015 07:13:16 GMT https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468498#M1304604 Anonymous 2015-06-26T07:13:16Z https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468499#M1304607 <HTML><HEAD></HEAD><BODY><P>QlikTech has given any response to this topic?</P></BODY></HTML> Fri, 26 Jun 2015 07:26:05 GMT https://community.qlik.com/t5/QlikView/HTTP-Methods/m-p/468499#M1304607 Anonymous 2015-06-26T07:26:05Z