tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nikola Milutinovic" <Nikola.Milutino...@ev.co.yu>
Subject Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability
Date Sat, 10 Jan 2004 11:53:20 GMT
> From what I am told, the other application servers used in our company all
have a configuration-driven way to disable the
> TRACE HTTP.  My project is the first one to try to use Tomcat as a "real"
server.

The only workaround (and a recomended thing to do, anyway) is to use Apache
as a front-end. Apache's security should kick in before it passes request to
Tomcat via mod_jk2.

Nix.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message