Disabling HTTP methods in TIBCO Administrator Tomcat
|Title:||Disabling HTTP methods in Administrator Tomcat.|
|Description:||To restrict the response to specific HTTP Methods such as OPTIONS, PUT, DELETE, CONNECT and TRACE, Tomcat can be configured to not respond to any of these HTTP Methods.|
|Resolution:||This can be configured at the instance level by inserting a <security-constraint> element directly under the <web-app> element in the installation’s web.xml file located at: [tomcatinstallation]/conf/web.xml
Below is the added configuration.
The configuration above will disable the HTTP Methods TRACE, PUT, OPTIONS or DELETE. Specificly for TRACE, open the Tibco_home/administrator/domain<domain_name>/tomcat/conf/server.xml and set the allowTrace=”false” in the HTTP connector string used by the admin server. After this attribute is set, restart admin server.