Another Way To Deny Verbs in IIS

I recently needed to deny the TRACE verb to all incoming requests to IIS on a website running as a classic cloud service in Azure. First I tried following this post and adding the following: <system.webServer> <validation validateIntegratedModeConfiguration=”false” /> <modules runAllManagedModulesForAllRequests=”true” /> <handlers> <add name=”DenyOTH” verb=”OPTIONS,TRACE,HEAD” path=”*” type=”System.Web.HttpMethodNotAllowedHandler” /> </handlers> < [Read More]