Disabling PUT TRACE DELETE request in Apache Tomcat 6.0?


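Inside your WEBINF, you can add a security constraint:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Forbidden</web-resource-name>
        <url-pattern>/blah/*</url-pattern>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
        <http-method>TRACE</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>empty_role</role-name>
      </auth-constraint>
    </security-constraint>

Alternatively, you can do these two things: In server.xml, edit the element, add an attribute: allowTrace="false". Then edit the DefaultServlet: $CATALINA_HOME/conf/web.xml

    <servlet>
      <servlet-name>default</servlet-name>
      <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
      <init-param>
        <param-name>readonly</param-name>
        <param-value>true</param-value>
      </init-param>
    </servlet>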

Thanks James, What should be the , in case I'm adding it to server's web.inf instead of app's web.inf? (WEBROOT\conf\web.xml) – Mohit Nanda Nov 26 '08 at 15:43

A wildcard such as '/*' should work, I think. – James Schek Nov 26 '08 at 15:54

The answer lies in the servlet specification. In looking at the API for the servlet: java.sun.com/products/servlet/2.5/docs/s... you'll see that different methods handle different kinds of HTTP requests. Also, there is a great feature called filters that can be used to wrap some code around servlets and filters. So the solutions are: Modify the servlet to only support do and get; or Create a filter to clear those other kinds of requests.

Modifying the servlets is a dicey proposition at best. It may not be possible to modify a framework to override the doPut, doDelete, etc. Plus, it requires every servlet be modified, which is an error-prone process. The filter is probably a better approach and provides the most control. – James Schek Nov 26 '08 at 15:33
