blocking certain HTTP methods

Oct 22, 2024, 10:16:19 AM
to ZAP User Group
Hi,

I was exploring the automation framework for my OpenAPI scans. I would like to block ZAP from sending requests to the DELETE method. I cannot exclude certain endpoints as there can be endpoints that use multiple methods. I turned to an HTTP sender script and created a simple script to block POST requests. The script console does say it blocked it, which shows it kinda works, but I still see the request in the history, and the same for the active scan tabs and report.

The automation is as follows:

env
http sender script
openapi
report

The script for blocking POST:

function sendingRequest(msg, initiator, helper) {
    var method = msg.getRequestHeader().getMethod();
   
    // Block POST requests
    if (method.equalsIgnoreCase("POST")) {
        print("Blocking POST request: " + msg.getRequestHeader().getURI());
        return;
    }
}

function responseReceived(msg, initiator, helper) {
    // No action required for responses in this case
}

Simon Bennetts

Oct 24, 2024, 11:44:18 AM
to ZAP User Group
Unfortunately we can't handle that in a very clean way right now.
That issue does include a workaround.

Feel free to comment on it, and as always give it a +1 in the first comment if you'd like us to prioritise it.

Cheers,

Simon
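
A complementary way to keep DELETE out of an OpenAPI-driven scan, as an added example that is not part of this thread and is not the workaround from the issue mentioned above: remove the unwanted operations from the definition before the openapi job imports it, which keeps the other methods on the same path. The function name `stripMethods` and the sample definition are assumptions constructed for illustration.

```javascript
// Added example: strip selected HTTP methods from an OpenAPI document (JSON form).
// stripMethods and sampleSpec are hypothetical names; the sample is constructed.
const OPERATION_KEYS = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];

function stripMethods(spec, blocked) {
  const blockedSet = new Set(blocked.map((m) => m.toLowerCase()));
  const out = JSON.parse(JSON.stringify(spec)); // deep copy, input stays untouched
  const removed = [];
  for (const [path, item] of Object.entries(out.paths || {})) {
    if (!item || typeof item !== "object") continue;
    let removedHere = 0;
    for (const key of Object.keys(item)) {
      // Path items also hold non-operation keys (parameters, summary, $ref, ...)
      const k = key.toLowerCase();
      if (OPERATION_KEYS.includes(k) && blockedSet.has(k)) {
        delete item[key];
        removed.push(k.toUpperCase() + " " + path);
        removedHere++;
      }
    }
    // Drop a path only if it was emptied by this function ($ref-only items are kept)
    const left = Object.keys(item).some((k) => OPERATION_KEYS.includes(k.toLowerCase()));
    if (removedHere > 0 && !left) delete out.paths[path];
  }
  return { spec: out, removed };
}

const sampleSpec = {
  openapi: "3.0.3",
  info: { title: "constructed sample", version: "1.0" },
  paths: {
    "/items/{id}": {
      parameters: [{ name: "id", in: "path", required: true, schema: { type: "string" } }],
      get: { responses: { 200: { description: "ok" } } },
      delete: { responses: { 204: { description: "deleted" } } },
    },
    "/sessions/current": {
      delete: { responses: { 204: { description: "logged out" } } },
    },
  },
};

const result = stripMethods(sampleSpec, ["DELETE"]);
console.log(result.removed.join("\n"));
console.log(JSON.stringify(result.spec, null, 2));
```

Write `result.spec` to a file and point the openapi job at that file instead of the original definition. Operations referenced through an external `$ref` on the path item are not resolved by this function.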