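Disabling unsafe HTTP methods such as DELETE, PUT, TRACE and OPTIONS in Tomcat 7
1. Modify the protocol settings in the application's tomcat7/conf/web.xml file
Add the following code to the application's web.xml: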
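<security-constraint>
  <web-resource-collection>
    <!-- web-resource-name is required by the web.xml schema; the value is a free-form label -->
    <web-resource-name>unsafe-http-methods</web-resource-name>
    <!-- Apply to every URL of the application -->
    <url-pattern>/*</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>PUT</http-method>
    <http-method>TRACE</http-method>
    <http-method>OPTIONS</http-method>
  </web-resource-collection>
  <!-- An empty auth-constraint (no role-name) denies the listed methods to everyone -->
  <auth-constraint>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>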
Note: add this just before the closing </web-app> tag.
2. Restart Tomcat
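To confirm that a web.xml really carries the deny-all constraint from step 1, the following added example (not part of the original post) parses the file and reports which of the four methods are still allowed on /*. The function names and the embedded sample web.xml are constructed for illustration; it goes slightly beyond the page by also handling a collection that lists no http-method or uses http-method-omission.

```python
import xml.etree.ElementTree as ET

UNSAFE = {"DELETE", "PUT", "TRACE", "OPTIONS"}

# Constructed sample: the constraint from this page in a minimal Servlet 3.0 web.xml.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>unsafe-http-methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>PUT</http-method>
      <http-method>TRACE</http-method>
      <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def kids(elem, name):
    """Child elements called `name`, ignoring the XML namespace."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def texts(elem, name):
    """Stripped text of every child element called `name`."""
    return {(c.text or "").strip() for c in kids(elem, name)}

def denied_methods(web_xml, pattern="/*"):
    """Unsafe methods that a deny-all constraint covers for `pattern`."""
    denied = set()
    for sc in kids(ET.fromstring(web_xml), "security-constraint"):
        auth = kids(sc, "auth-constraint")
        # Only an auth-constraint without role-name denies every caller;
        # a constraint with no auth-constraint at all leaves access open.
        if not auth or kids(auth[0], "role-name"):
            continue
        for wrc in kids(sc, "web-resource-collection"):
            if pattern not in texts(wrc, "url-pattern"):
                continue
            listed = texts(wrc, "http-method")
            omitted = texts(wrc, "http-method-omission")
            # No http-method entries: every method except the omitted ones.
            denied |= (listed & UNSAFE) if listed else (UNSAFE - omitted)
    return denied

def missing_methods(web_xml):
    """Methods from the page's list that the file still allows on /*."""
    return UNSAFE - denied_methods(web_xml)

if __name__ == "__main__":
    print("still allowed:", sorted(missing_methods(SAMPLE)) or "none")
```

Method names are compared exactly as written, so a lowercase entry such as delete in web.xml is reported as not covering DELETE.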