Overview: Allowed Methods¶
All security policies accept standard HTTP methods by default. If your web application uses HTTP methods other than the default allowed methods (default allowed methods vary according to your selected policy template), you can add them to the security policy. WAF treats any incoming HTTP request that uses an HTTP method other than an allowed method as an invalid request. The system ignores, learns, logs, or blocks the request depending on the settings configured for the Illegal Method violation.
Note: GET and POST methods are required and cannot be deleted.