Page 1 of 1
Disable HTTP DELETE METHODs in Tomcat
Posted: Thu Oct 11, 2018 3:21 pm
by mbabcock
How do I disable the HTTP DELETE methods in Tomcat v8.5.0?
Re: Disable HTTP DELETE METHODs in Tomcat
Posted: Mon Oct 15, 2018 11:36 am
by dovetail
This is really a generic Tomcat question, not about our z/OS package.
Try google:
https://www.google.com/search?source=hp ... ete+method
Re: Disable HTTP DELETE METHODs in Tomcat
Posted: Mon Oct 15, 2018 1:45 pm
by mbabcock
I found this on the net:
<security-constraint>
<display-name>Deny all HTTP methods except GET and POST</display-name>
<web-resource-collection>
<url-pattern>/company/*</url-pattern>
<http-method-omission>GET</http-method-omission>
<http-method-omission>POST</http-method-omission>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
Hopefully that works.
Re: Disable HTTP DELETE METHODs in Tomcat
Posted: Sun Oct 28, 2018 11:42 am
by Luke Mikel
mbabcock wrote: ↑Mon Oct 15, 2018 1:45 pm
I found this on the net:
<security-constraint>
<display-name>Deny all HTTP my sizegenetics
www.virtualpalomarwest.org/sizegenetics-review methods except GET and POST</display-name>
<web-resource-collection>
<url-pattern>/company/*</url-pattern>
<http-method-omission>GET</http-method-omission>
<http-method-omission>POST</http-method-omission>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
Hopefully that works.
That part is not functioning well.
Try updating the version may solve the issue as it has builtin delete methods.