Home/ Questions/Q 92809
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-10T23:14:44+00:00

I need to disable PUT, DELETE & TRACE HTTP requests on my Application Server,

  • 0

I need to disable PUT, DELETE & TRACE HTTP requests on my Application Server, Apache Tomcat 6.0.

All other sources, i have searched till now, have directed me towards the limit parameter in httpd.conf, Hence I’d put it before-hand that I am not using Apache Web Server, and requests are directly being handled by Tomcat, and so there is no httpd.conf in picture.

Please suggest how should I do it on Tomcat?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Inside your WEBINF, add you can add a security constraint:

    <security-constraint>      <web-resource-collection>           <web-resource-name>Forbidden</web-resource-name>           <url-pattern>/blah/*</url-pattern>           <http-method>PUT</http-method>           <http-method>DELETE</http-method>           <http-method>TRACE</http-method>      </web-resource-collection>      <auth-constraint>           <role-name>empty_role</role-name>      </auth-constraint> </security-constraint>

    Alternatively, you can do these two things:

    In server.xml, edit the <connector> element, add an attribute: allowTrace='false'. Then edit the DefaultServlet: $CATALINA_HOME/conf/web.xml

    <servlet>     <servlet-name>default</servlet-name>     <servlet-class>         org.apache.catalina.servlets.DefaultServlet     </servlet-class>     <!-- blah blah blah -->     <init-param>         <param-name>readonly</param-name>         <param-value>true</param-value>     </init-param> </servlet>
    • 0