tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anto Paul <antop...@gmail.com>
Subject Re: Disabling put and delete http methods...
Date Tue, 07 Jun 2005 05:03:39 GMT
On 6/7/05, Peter Fellwock <Peter.Fellwock@active.com> wrote:
> Tomcat Gurus:
> 
> 
> 
> How can I disable "put" and "delete" http methods?
> 

Putting a security constraint in web.xml works. Try this in
applications web.xml. Usually it will be last element in the web.xml.

<security-constraint>
        <web-resource-collection>
            <web-resource-name>Disallowed Location</web-resource-name>
            <url-pattern>*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
 </security-constraint>


-- 
rgds
Anto Paul

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message