> But I see many other types of requests > ( http://www.askapache.com/online-tools/request-method-scanner/ ) > including MOVE, COPY or DELETE!
These are used by WebDAV. If your server isn't configured to support WebDAV, it should ignore those HTTP verbs. > My question: is: it safe to allow only GET and POST? Yes, if you're not using WebDAV. > What is the best practice in CF? I don't know if there really is one. CF will, by default, respond to any HTTP request made to a CF URL, but it won't actually handle PUT or DELETE unless you explicitly write code to make it do so. You can typically configure CF to only support specific HTTP request verbs at the web server. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:326640 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
