On 7/21/2011 12:27 PM, Scott Ferguson wrote: > On 07/20/2011 10:39 AM, Aaron Freeman wrote: >> I'd like to disabled the HTTP CONNECT method. I don't know the best >> way to do that, but I tried this and it's not working: >> >> <resin:Forbidden regexp='.*'> >> <resin:IfMethod value="CONNECT"/> >> </resin:Forbidden> >> >> The request is passed on and I receive a 200 OK response when I telnet >> and test the CONNECT. >> >> What is the most efficient way to get Resin to deny those requests? > That config works for me. (You don't need the regexp if you're matching > everything, but it doesn't matter for this issue.) > > There is the<resin:Forbidden> tag? > > -- Scott >
The config doesn't bomb, but in resin-pro-4.0.18 when I run this: > telnet localhost 80 then CONNECT http://localhost/ HTTP/1.0 I then get the home page and a 200 OK, instead of a 403 FORBIDDEN. You are able to get it to throw an appropriate HTTP 403? Thanks, Aaron _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest