There is not switch at the tomcat configuration level?
I know apache has one limit where you can specify to block http
methods...
-peter
-Original Message-
From: Anto Paul [mailto:[EMAIL PROTECTED]
Sent: Monday, June 06, 2005 10:04 PM
To: Tomcat Users List
Subject: Re: Disabling put and delete http methods...
On 6/7/05, Peter Fellwock [EMAIL PROTECTED] wrote:
Tomcat Gurus:
How can I disable put and delete http methods?
Putting a security constraint in web.xml works. Try this in
applications web.xml. Usually it will be last element in the web.xml.
security-constraint
web-resource-collection
web-resource-nameDisallowed Location/web-resource-name
url-pattern*/url-pattern
http-methodDELETE/http-method
http-methodPUT/http-method
/web-resource-collection
auth-constraint
role-name*/role-name
/auth-constraint
/security-constraint
--
rgds
Anto Paul
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]