问题描述

我需要禁用PUT，DELETE&我的应用服务器上的TRACE HTTP请求，Apache Tomcat 6.0。

I need to disable PUT, DELETE & TRACE HTTP requests on my Application Server, Apache Tomcat 6.0.

所有其他来源，我一直搜索到现在，已经指示我走向限制参数 httpd.conf ，因此我事先说明我没有使用Apache Web Server，并且请求直接由Tomcat处理，因此没有 httpd.conf 在图片中。

All other sources, i have searched till now, have directed me towards the limit parameter in httpd.conf, Hence I'd put it before-hand that I am not using Apache Web Server, and requests are directly being handled by Tomcat, and so there is no httpd.conf in picture.

请建议我如何在Tomcat上进行操作？

Please suggest how should I do it on Tomcat?

推荐答案

在您的WEBINF中，添加您可以添加安全约束：

Inside your WEBINF, add you can add a security constraint:

<security-constraint>
     <web-resource-collection>
          <web-resource-name>Forbidden</web-resource-name>
          <url-pattern>/blah/*</url-pattern>
          <http-method>PUT</http-method>
          <http-method>DELETE</http-method>
          <http-method>TRACE</http-method>
     </web-resource-collection>
     <auth-constraint>
          <role-name>empty_role</role-name>
     </auth-constraint>
</security-constraint>

或者，你可以做以下两件事：

Alternatively, you can do these two things:

在server.xml中，编辑< connector> 元素，添加一个属性： allowTrace =false。然后编辑DefaultServlet：$ CATALINA_HOME / conf / web.xml

In server.xml, edit the <connector> element, add an attribute: allowTrace="false". Then edit the DefaultServlet: $CATALINA_HOME/conf/web.xml

<servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>
        org.apache.catalina.servlets.DefaultServlet
    </servlet-class>
    <!-- blah blah blah -->
    <init-param>
        <param-name>readonly</param-name>
        <param-value>true</param-value>
    </init-param>
</servlet>

这篇关于在Apache Tomcat 6.0中禁用PUT TRACE DELETE请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！