Disabling the insecure methods on Apache tomcat
For disabling the insecure methods on Apache tomcat , I have made the following change but still I am getting the delete/options whenever we access the URL of the site.
module change path:: tomcat/conf/web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>restricted methods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
I don't know why this change hasn't affected the tomcat server, could you please help me on this.
|