This repository provides a collection of Ansible playbooks and PowerShell scripts to remediate the HTTP OPTIONS, TRACE, and DELETE methods on various web servers, including Apache, Tomcat, NGINX, and Splunk. The goal is to enhance security by restricting these potentially dangerous HTTP methods, returning a 403 Forbidden response instead.
The core purpose of this project is to provide a comprehensive, multi-platform solution for a common security vulnerability. It automates the process of modifying configuration files to disable unwanted HTTP methods. The repository is designed to be a flexible toolkit, with both universal and platform-specific scripts and playbooks.
This repository is organized into a main directory for Ansible playbooks and a subdirectory for Windows-specific PowerShell scripts.
- http_OPTIONS aLLiNoNE.yml: A single, comprehensive playbook that can remediate multiple web server types (Apache, Tomcat, NGINX) on Linux hosts. It uses a web_application variable to determine which section to run.
- http_OPTIONS dynamic search.yml: A utility playbook for gathering information and debugging. It uses Ansible's package_facts module to check if a specific package like httpd is installed.
- http_OPTIONS nginx remediation.yml: A specific playbook for NGINX remediation. It adds the limit_except block to a specified NGINX configuration file.
- http_OPTIONS nginx remediationBACKOUT.yml: The NGINX backout playbook. It uses the find module to locate and restore the most recent backup created by Ansible, returning the configuration to its original state.
- http_OPTIONS splunk remediation.yml: A playbook for Splunk. It checks for the existence of web.conf and creates it if needed, then adds a methods line to restrict HTTP methods.
- http_OPTIONS tomcat remediation.yml: A specific playbook for Tomcat remediation. It adds a <security-constraint> block to the web.xml file. It also attempts to stop and start the Tomcat service.
- http_OPTIONS tomcat remediationBACKOUT.yml: The Tomcat backout playbook. It finds and restores the latest backup of the web.xml file.
- httpOptionsApache2.4Remediation.yml: A playbook for Apache 2.4. It uses the <LimitExcept> block with the Require all denied directive.
- httpOptionsApacheRemediation.yml: An Apache playbook for older versions, using the order deny,allow directives.
- httpOptionsApacheRemediationBACKOUT.yml: The Apache backout playbook, which restores the latest backup of the httpd.conf file.
These scripts are designed for Windows systems where the Tomcat installation path is unknown. They dynamically search for the web.xml file on all logical drives.
- Find-Tomcat-WebXml_BasicSearch.ps1: This script performs a basic, recursive search for web.xml on all logical drives and creates a backup.
- Find-Tomcat-WebXml_RobustSearch.ps1: This is a more robust version that uses a try/catch block to handle permission errors gracefully, ensuring the script does not crash when it encounters protected system directories. This script is generally faster as it uses the EnumerateFiles method, which is more efficient for large filesystems.
- Find-Tomcat-WebXml_WmiSearch.ps1: An alternative search method that uses Windows Management Instrumentation (WMI) to enumerate logical drives before performing the search.
For Ansible Playbooks:
To run the playbooks, you must define the VSPM_httpOPTIONS host group in your Ansible inventory. For the aLLiNoNE playbook, you also need to define the web_application variable with a value of Apache, Tomcat, or NGINX. For Tomcat, you will also need to provide the tomcat_base_path variable.
For PowerShell Scripts:
Navigate to the PowerShell folder and run the desired script. It's recommended to run these scripts with elevated privileges (as an administrator) to avoid access denied errors on system files and folders.
The recursive search for web.xml across an entire drive can be very slow. For the PowerShell scripts, the versions with try/catch blocks and the .NET EnumerateFiles method are significantly faster and more resilient to errors. It is also recommended to exclude known system directories (like C:\Windows) from your search to further improve performance.
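After a playbook has run, it helps to confirm that the server now answers OPTIONS, TRACE, and DELETE with 403 while ordinary requests still work. The following check is an added example, not part of this repository; the function names and the local stub server (a constructed stand-in for a remediated host) are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

RESTRICTED = ("OPTIONS", "TRACE", "DELETE")  # methods the playbooks restrict

def check_methods(host, port, path="/", timeout=5):
    """Return {method: status} for the restricted methods plus GET as a control."""
    results = {}
    for method in RESTRICTED + ("GET",):
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request(method, path)
            results[method] = conn.getresponse().status
        except (OSError, http.client.HTTPException):
            results[method] = None  # no usable answer from the server
        finally:
            conn.close()
    return results

def is_remediated(results):
    """True only if every restricted method gets 403 and the GET control succeeds.

    The GET control separates a method restriction from a blanket deny or outage.
    """
    blocked = all(results.get(m) == 403 for m in RESTRICTED)
    get_status = results.get("GET")
    return blocked and get_status is not None and get_status < 400

class StubRemediated(BaseHTTPRequestHandler):
    """Constructed local stand-in for a remediated web server."""
    def _reply(self, code):
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_GET(self):
        self._reply(200)
    do_OPTIONS = do_TRACE = do_DELETE = lambda self: self._reply(403)
    def log_message(self, *args):
        pass  # keep the demo quiet

def demo():
    """Run the check against the stub on a free loopback port."""
    server = HTTPServer(("127.0.0.1", 0), StubRemediated)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_methods("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

A server that answers a restricted method with anything other than 403 (for example 200 or 405) is reported as not matching the behaviour this repository targets.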