LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 11-29-2011, 12:11 PM   #1
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Rep: Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657
Tomcat 6.0.24 - How do I disable DELETE, PUT, OPTIONS?


I have tried these methods, and NONE of them work. (Found with google: "Tomcat 6" disable delete put)
Could anyone tell me what to put into conf/web.xml, or give me other exact steps, to *actually* disable DELETE, OPTIONS and PUT on Tomcat 6.0.24? No one else in the world seems to know.
 
Old 11-29-2011, 12:17 PM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Original Poster
Rep: Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657
Additional info:

BEFORE changes:

telnet 234.234.234.234 8080

Code:
Trying 234.234.234.234...
Connected to 234.234.234.234.
Escape character is '^]'.
OPTIONS / HTTP/1.1
host: 234.234.234.234

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS
Content-Length: 0
tomcat/conf/web.xml

Code:
. . . <snip> . . .
<security-constraint>
<web-resource-collection>
<web-resource-name>restricted methods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>

<!-- No one mentions this bit in their examples to get rid of the error the rest causes -->
<security-role>
<role-name>tomcat</role-name>
</security-role>
</web-app>
webapps/theAPP/WEB-INF/web.xml

Code:
<security-constraint>
<web-resource-collection>
<web-resource-name>restricted methods</web-resource-name>
<url-pattern>/theAPP/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>

<security-role>
<role-name>tomcat</role-name>
</security-role>

</web-app>

AFTER changes (the same)

telnet 234.234.234.234 8080

Code:
Trying 234.234.234.234...
Connected to 234.234.234.234.
Escape character is '^]'.
OPTIONS / HTTP/1.1
host: 234.234.234.234

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS
Content-Length: 0

Last edited by szboardstretcher; 11-29-2011 at 12:18 PM.
 
Old 11-30-2011, 09:12 AM   #3
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Original Poster
Rep: Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657Reputation: 1657
Any programmers here familiar with Apache Tomcat? Does everyone just leave these options active because no one knows how to disable them? Or is there a secret ninja way that no one wants to share?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I delete KDE options without deleting Dolphin's options? Mr. Alex Linux - Software 1 10-27-2011 07:06 AM
CD - R with Puppy 4 can one delete and put SliTaz on it instead? nooby Puppy 10 07-06-2008 02:38 AM
simply put, how do I disable Hyperthreading? v8esprit Linux - Hardware 2 12-03-2003 08:01 PM
simply put, how do I disable Hyperthreading? v8esprit Mandriva 1 12-03-2003 07:59 PM
simply put, how do I disable Hyperthreading? v8esprit Linux - Laptop and Netbook 0 12-03-2003 06:26 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 09:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration