
Disable HTTP OPTIONS, TRACE, HEAD, COPY and UNLOCK methods in IIS


For security reasons I want to disable those methods through application level so I have this web.config file:

<configuration>
    <location path="index.php">
        <system.webServer>
            <directoryBrowse enabled="false" />
        </system.webServer>

        <system.web>
            <authorization>
                <deny verbs="OPTIONS" users="*" />
                <deny verbs="TRACE" users="*" />
                <deny verbs="HEAD" users="*" />
                <deny verbs="PROPFIND" users="*" />
                <deny verbs="COPY" users="*" />
                <deny verbs="LOCK" users="*" />
                <deny verbs="UNLOCK" users="*" />
                <deny verbs="PROPPATCH" users="*" />
                <deny verbs="MKCOL" users="*" />
                <deny verbs="MOVE" users="*" />
                <deny verbs="DELETE" users="*" />
            </authorization>
        </system.web>
    </location>
</configuration>

But this didn't work - any ideas?


Solution

  • Finally I found another answer for this problem, and this is working for me. Just add the data below to your web.config file.

    <configuration>
     <system.webServer>
      <security>
       <requestFiltering>
        <verbs allowUnlisted="true">
         <add verb="OPTIONS" allowed="false" />
        </verbs>
       </requestFiltering>
      </security>
     </system.webServer>
    </configuration>
    

    For more information, you can visit this web site: http://www.iis.net/learn/manage/configuring-security/use-request-filtering

    If you want to test whether your web site is working or not, you can use the "HttpRequester" Mozilla Firefox plugin: https://addons.mozilla.org/En-us/firefox/addon/httprequester/
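
The answer's `<verbs>` block lists only OPTIONS, while the title also names TRACE, HEAD, COPY and UNLOCK. The following is an added example, not part of the original answer: a static check that reads a web.config and reports which of those methods the request-filtering verb list would still let through. The function names and the extended config are constructed for illustration; nothing is sent to a server.

```python
import xml.etree.ElementTree as ET

# Methods named in the page title.
TITLE_METHODS = ["OPTIONS", "TRACE", "HEAD", "COPY", "UNLOCK"]

# The answer's web.config, copied from the page.
ANSWER_CONFIG = """<configuration>
 <system.webServer>
  <security>
   <requestFiltering>
    <verbs allowUnlisted="true">
     <add verb="OPTIONS" allowed="false" />
    </verbs>
   </requestFiltering>
  </security>
 </system.webServer>
</configuration>"""

# Constructed variant: same structure, one <add> per method in the title.
EXTENDED_CONFIG = ANSWER_CONFIG.replace(
    '<add verb="OPTIONS" allowed="false" />',
    "".join(f'<add verb="{m}" allowed="false" />' for m in TITLE_METHODS),
)


def verb_policy(config_xml):
    """Return (allow_unlisted, {verb: allowed}) for the first <verbs> list found."""
    root = ET.fromstring(config_xml)
    verbs = root.find(".//requestFiltering/verbs")
    if verbs is None:
        return True, {}  # no <verbs> element: nothing is filtered by verb
    # Both attributes default to true when absent.
    allow_unlisted = verbs.get("allowUnlisted", "true").lower() == "true"
    rules = {a.get("verb"): a.get("allowed", "true").lower() == "true"
             for a in verbs.findall("add")}
    return allow_unlisted, rules


def still_allowed(config_xml, methods=TITLE_METHODS):
    """Methods from `methods` that the verb list would let through."""
    allow_unlisted, rules = verb_policy(config_xml)
    # A listed verb uses its own 'allowed' flag; others fall back to allowUnlisted.
    return [m for m in methods if rules.get(m, allow_unlisted)]


if __name__ == "__main__":
    print("answer config still allows:", still_allowed(ANSWER_CONFIG))
    print("extended config still allows:", still_allowed(EXTENDED_CONFIG))
```
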