Disabling HTTP methods in TIBCO Administrator Tomcat
Title: Disabling HTTP methods in Administrator Tomcat.
Description: To restrict responses to specific HTTP methods such as OPTIONS, PUT, DELETE, CONNECT and TRACE, Tomcat can be configured not to respond to any of these methods.
Environment: All, Linux, Windows
Resolution: This can be configured at the instance level by inserting a <security-constraint> element directly under the <web-app> element in the installation's web.xml file, located at: [tomcatinstallation]/conf/web.xml

Below is the added configuration. <security-constraint>

The configuration above will disable the HTTP methods TRACE, PUT, OPTIONS or DELETE.

Specifically for TRACE, open Tibco_home/administrator/domain<domain_name>/tomcat/conf/server.xml and set allowTrace="false" in the HTTP connector used by the admin server. After this attribute is set, restart the admin server.
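One way to check the result, as an added example that is not TIBCO's own code or the page's original snippet: the script parses a constructed web.xml fragment (a security-constraint with an empty auth-constraint, the standard Servlet mechanism for denying the listed methods to all users) and a constructed server.xml connector, then reports which methods are denied and whether any connector allows TRACE. The XML samples, the port and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (assumptions, not TIBCO's original snippet): a web.xml
# constraint whose empty <auth-constraint> denies the listed methods to everyone.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted-methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>TRACE</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" allowTrace="false"/>
</Service></Server>"""

def local(tag):
    """Drop the XML namespace so the check works for any web.xml schema version."""
    return tag.rsplit("}", 1)[-1]

def denied_methods(web_xml):
    """Methods denied to all users for /*; a constraint that names roles is skipped."""
    denied = set()
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        auth = [e for e in sc if local(e.tag) == "auth-constraint"]
        if not auth or any(local(r.tag) == "role-name" for r in auth[0]):
            continue
        for wrc in (e for e in sc if local(e.tag) == "web-resource-collection"):
            kids = [(local(e.tag), (e.text or "").strip()) for e in wrc]
            if ("url-pattern", "/*") in kids:
                denied |= {v for t, v in kids if t == "http-method"}
    return denied

def connectors_allowing_trace(server_xml):
    """Ports of connectors with allowTrace="true" (Tomcat's default is false)."""
    return [c.get("port") for c in ET.fromstring(server_xml).iter("Connector")
            if c.get("allowTrace", "false").lower() == "true"]

if __name__ == "__main__":
    print("denied:", sorted(denied_methods(WEB_XML)))
    print("connectors allowing TRACE:", connectors_allowing_trace(SERVER_XML))
```

To audit a real instance, pass the contents of its conf/web.xml and conf/server.xml to the two functions instead of the constructed samples.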