tomcat-users mailing list archives

From André Warnier
Subject Re: Restrict http methods
Date Fri, 14 May 2010 15:28:17 GMT
Leo Donahue - PLANDEVX wrote:

> Yes.  I wasn't implementing doPUT or doDELETE and was scratching my head trying to figure
> out how the security scan was able to indicate those methods were available.

Then it very much looks right now as if it is the scanner which is faulty.
Being mainly a Perl guy, I know this tool which would tell you how
Tomcat reacts: lwp-request
It is a Perl command-line tool which allows you to create and send an HTTP
request to a server, and see the returned answer in detail.
lwp-request --help will tell you all about it.

# lwp-request -m PUT -Sed http://localhost:8180/some-url
Please enter content (text/plain) to be PUTed:
PUT http://localhost:8180/some-url --> 403 Forbidden
Connection: close
Date: Fri, 14 May 2010 15:24:55 GMT
Server: Apache-Coyote/1.1
Content-Length: 958
Content-Type: text/html;charset=utf-8
Client-Date: Fri, 14 May 2010 15:24:55 GMT
Client-Response-Num: 1
Title: Apache Tomcat/5.0 - Error report

So, it does respond 403.
Mark was right. How does he know these things?
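
The same check for several methods at once, as an added example that is not part of the original message: it sends one real request per method and classifies the status code, which is how a scanner finding like the one above can be confirmed or dismissed. The names `probe_methods`, `_StandIn` and `demo` are hypothetical, and the local server is a constructed stand-in for the Tomcat in the thread (GET answers 200, PUT and DELETE answer 403).

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Status codes that mean the server refused the method: 403 as in the
# thread, plus 405 Method Not Allowed and 501 Not Implemented.
REFUSED = {403, 405, 501}

def probe_methods(host, port, path, methods=("GET", "PUT", "DELETE")):
    """Send one request per method; return {method: (status, verdict)}."""
    results = {}
    for method in methods:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            # PUT carries a small harmless body so the request is well formed.
            conn.request(method, path, body=b"probe" if method == "PUT" else None)
            resp = conn.getresponse()
            resp.read()
        finally:
            conn.close()
        status = resp.status
        verdict = ("refused" if status in REFUSED
                   else "accepted" if 200 <= status < 300 else "inconclusive")
        results[method] = (status, verdict)
    return results

class _StandIn(BaseHTTPRequestHandler):
    """Constructed stand-in server, not Tomcat itself."""
    def _reply(self, code):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_GET(self): self._reply(200)
    def do_PUT(self): self._reply(403)
    do_DELETE = do_PUT
    def log_message(self, *args): pass  # keep the demo output quiet

def demo():
    """Run the probe against the stand-in on an ephemeral local port."""
    server = HTTPServer(("127.0.0.1", 0), _StandIn)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe_methods("127.0.0.1", server.server_address[1], "/some-url")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for method, (status, verdict) in demo().items():
        print(f"{method:7s} {status} {verdict}")
```

To check a real server, call `probe_methods` with its host, port and a path you are authorized to test instead of running `demo()`.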
