tomcat关闭不安全的http请求方法
关闭tomcat的一些不安全http请求方法:
在tomcat的web.xml或者项目的web.xml中添加以下参数:(图中tomcat版本为7.0.61)
<security-constraint> <web-resource-collection> <web-resource-name>fortune</web-resource-name> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> </web-resource-collection> <auth-constraint></auth-constraint> </security-constraint>
浙公网安备 33010602011771号