1. Apache
Use Apache rewrite rules to disable the OPTIONS and TRACE methods.
Add the following code to the Apache configuration file httpd-conf [vhosts-conf]:
To disable only the TRACE method:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
To disable only the OPTIONS method:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(OPTIONS)
RewriteRule .* - [F]
To disable both the TRACE and OPTIONS methods:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
Example virtual host with the rules in place:
<VirtualHost *:80>
    DocumentRoot "D:\wwwroot"
    ServerName www.abc.com
    ServerAlias abc.com
    <Directory "D:\wwwroot">
        Options FollowSymLinks ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
        RewriteEngine on
        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
        RewriteRule .* - [F]
    </Directory>
</VirtualHost>
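2. Nginx
Add the following code to the server block of the virtual host you want to restrict:
# Anchored, case-sensitive match: only the exact methods GET and POST pass
if ($request_method !~ ^(GET|POST)$) {
    return 403;
}
Restart nginx. This blocks every HTTP method other than GET and POST.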
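3. Tomcat
Locate web.xml under conf and add the following configuration just before the end of the file (before the closing </web-app> tag). The HTTP methods listed are disabled for the given url-pattern.
<security-constraint>
    <web-resource-collection>
        <!-- web-resource-name is required by the web.xml schema; the name itself is arbitrary -->
        <web-resource-name>restricted-methods</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
    </web-resource-collection>
    <!-- An empty auth-constraint denies access to the listed methods for everyone -->
    <auth-constraint>
    </auth-constraint>
</security-constraint>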
4. IIS
Disable the WebDAV feature.
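To confirm that a server you administer actually refuses the disabled methods after the configuration is reloaded, the following is an added example (not part of the original page). It assumes plain HTTP and that a blocked method is answered with 403, 405 or 501; the function names and the script name check_methods.py are hypothetical.

```python
import http.client
import sys

# Methods covered by the page's configs; GET and POST are the ones left enabled.
METHODS = ["GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE", "TRACK"]
# Assumption: a blocked method answers 403 (the rules above), 405 or 501.
REJECTED = {403, 405, 501}


def probe(host, port, method, path="/", timeout=5):
    """Send one request with the given method and return the status code."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        resp.read()  # drain the body so the socket closes cleanly
        return resp.status
    finally:
        conn.close()


def audit(host, port, allowed=("GET", "POST")):
    """Return {method: (status, ok)}; ok is False when the policy is violated."""
    results = {}
    for method in METHODS:
        status = probe(host, port, method)
        rejected = status in REJECTED
        # Allowed methods must get through; every other method must be refused.
        ok = (not rejected) if method in allowed else rejected
        results[method] = (status, ok)
    return results


def failing(results):
    """Methods whose observed behaviour does not match the intended policy."""
    return [m for m, (_, ok) in results.items() if not ok]


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_methods.py HOST PORT")
    report = audit(sys.argv[1], int(sys.argv[2]))
    for method, (status, ok) in report.items():
        print(f"{method:8} {status}  {'ok' if ok else 'UNEXPECTED'}")
    sys.exit(1 if failing(report) else 0)
```

Pass a different allowed tuple to audit() when the policy differs, for example adding HEAD for the Apache rules, which leave HEAD enabled.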