Mr.Tcsy

TOMCAT 禁用不安全的http方法

Word count: 125 / Reading time: 1 min
2017/03/21 Share

1、禁用options方法

步骤一:

修改web.xml中的web-app协议

<?xml version=”1.0” encoding=”UTF-8”?>

步骤二:

在应用程序的web.xml中添加如下的代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
<security-constraint>

<web-resource-collection>

<url-pattern>/*</url-pattern>

<http-method>PUT</http-method>

<http-method>DELETE</http-method>

<http-method>HEAD</http-method>

<http-method>OPTIONS</http-method>

<http-method>TRACE</http-method>

</web-resource-collection>

<auth-constraint>

</auth-constraint>

</security-constraint>

<login-config>

<auth-method>BASIC</auth-method>

</login-config>

CATALOG
  1. 1. 1、禁用options方法