tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nikola Milutinovic" <>
Subject Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability
Date Sat, 10 Jan 2004 11:53:20 GMT
> From what I am told, the other application servers used in our company all
have a configuration-driven way to disable the
> TRACE HTTP.  My project is the first one to try to use Tomcat as a "real"

The only workaround (and a recomended thing to do, anyway) is to use Apache
as a front-end. Apache's security should kick in before it passes request to
Tomcat via mod_jk2.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message