Hi mates, I got a problem with security scan on machine with apache-activemq-5.9.0 running.
The security dept ask me to disable "TRACE method" on this port 61614. I saw that it's disable for default on port 8161 where are the webapps admin, hawtio, etc. ( at org/eclipse/jetty/webapp/webdefault.xml for jetty webserver there is a <security-constraint> ) Is possible disable it on port 61614 too ? Please could someone tell me how to do that ... The only conf that I found with this port was in conf/activemq.xml: <transportConnector name="ws" uri="ws://0.0.0.0:61614?maximumConnections=1000&wireFormat.maxFrameSize=104857600"/> Follow below the tests for methods alloweds. edsn@edsn:~/apache-activemq-5.9.0$ telnet edsn 61614 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. OPTIONS / HTTP/1.1 host:edsn . HTTP/1.1 200 OK Allow: GET, HEAD, TRACE, OPTIONS Content-Length: 0 Server: Jetty(7.6.9.v20130131) On port 8161 its oK ! edsn@edsn:~/apache-activemq-5.9.0$ telnet edsn 8161 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. OPTIONS / HTTP/1.1 host:edsn . HTTP/1.1 404 Not Found Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html;charset=ISO-8859-1 Content-Length: 1267 Server: Jetty(7.6.9.v20130131) <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 404 Not Found</title> </head> <body> HTTP ERROR: 404 <p>Problem accessing /. Reason: <pre> Not Found</pre></p> <hr />/<small>Powered by Jetty://</small>/ -- View this message in context: http://activemq.2283324.n4.nabble.com/how-to-disable-TRACE-method-on-port-61614-tp4680056.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
