There is no switch at the Tomcat configuration level? I know Apache has one, "<limit>", where you can specify to block HTTP methods...
-peter

-----Original Message-----
From: Anto Paul [mailto:[EMAIL PROTECTED]
Sent: Monday, June 06, 2005 10:04 PM
To: Tomcat Users List
Subject: Re: Disabling put and delete http methods...

On 6/7/05, Peter Fellwock <[EMAIL PROTECTED]> wrote:
> Tomcat Gurus:
>
> How can I disable "put" and "delete" http methods?
>

Putting a security constraint in web.xml works. Try this in the application's web.xml. Usually it will be the last element in the web.xml.

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Disallowed Location</web-resource-name>
        <url-pattern>*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
    </security-constraint>

--
rgds
Anto Paul

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
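
Added example, not part of the original thread: a small Python check that reads a web.xml and reports who may still send PUT or DELETE under application-wide security constraints. The function name `method_access` and both sample descriptors are constructed for illustration, and the samples use the path pattern `/*`. In the Servlet specification a role-name of `*` stands for every role defined in the descriptor, while an auth-constraint with no roles denies the request for everyone.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the thread's constraint, written with the /* path pattern.
THREAD_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>Disallowed Location</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>*</role-name></auth-constraint>
</security-constraint></web-app>"""

# Constructed sample: same collection, but with an empty auth-constraint.
DENY_XML = THREAD_XML.replace(
    "<auth-constraint><role-name>*</role-name></auth-constraint>",
    "<auth-constraint/>")

def _kids(el, name):
    """Direct children called `name`, ignoring any XML namespace on the tag."""
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def _texts(el, name):
    return [(c.text or "").strip() for c in _kids(el, name)]

def method_access(web_xml, methods=("PUT", "DELETE")):
    """Return {method: 'denied' | 'roles:<names>' | 'unconstrained'}. Simplified:
    only /* constraints count; one without an auth-constraint is skipped."""
    roles = {m: None for m in methods}          # None = no constraint seen yet
    for sc in _kids(ET.fromstring(web_xml), "security-constraint"):
        auth = _kids(sc, "auth-constraint")
        if not auth:
            continue
        allowed = set(_texts(auth[0], "role-name"))
        for wrc in _kids(sc, "web-resource-collection"):
            listed = _texts(wrc, "http-method")
            if "/*" not in _texts(wrc, "url-pattern"):
                continue
            for m in methods:
                if listed and m not in listed:
                    continue                    # constraint names other methods only
                if not allowed or roles[m] == set():
                    roles[m] = set()            # empty role list: deny wins
                else:
                    roles[m] = (roles[m] or set()) | allowed
    return {m: "unconstrained" if r is None else
               "denied" if not r else "roles:" + ",".join(sorted(r))
            for m, r in roles.items()}
```

A result of `roles:*` means any authenticated user holding a defined role can still use the method; `denied` means the container rejects it for everyone.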