how to restrict http methods

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • kiranmca04
    New Member
    • Jul 2012
    • 1
    #1

    how to restrict http methods

    Hi

    I am using Apache webserver, i would like to restrict some of the http methods (DELETE, TRACE) for security reasons. I am not looking for for specific directory I want these methods should be restricted when a request made to the server, this is to avoid security threats. Please help me in this.

    -Kiran
    Tags: None
    • Luuk
      Recognized Expert Top Contributor
      • Mar 2012
      • 1043
      #2
      The answer is in the docs.
      Code:
      <Limit DELETE>
    AllowOverride
    Order allow,deny
    Deny from all
 </Limit>
      (see: http://httpd.apache.org/docs/2.2/mod/core.html#limit

        Comment

        • lisaflorence
          New Member
          • Sep 2012
          • 1
          #3
          restrict HTTP in web.xml methods by the following code
          <security-constraint>
          <web-resource-collection>
          <web-resource-name>restricted methods</web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>TRACE</http-method>
          <http-method>PUT</http-method>
          <http-method>OPTIONS</http-method>
          <http-method>DELETE</http-method>
          </web-resource-collection>
          <auth-constraint />
          </security-constraint>

            Comment

            • Luuk
              Recognized Expert Top Contributor
              • Mar 2012
              • 1043
              #4
              @lisaflorence: where, in apache, do you expect the reader of your message to put that?

              I'm not new to apache, but never seen a 'web.xml' in any configuration part of apache......

                Comment

                Previous template Next
                Working...