Tomcat禁用PUT、DELETE、HEAD、TRACE、OPTIONS请求

编辑tomcat中web.xml 文件中修改配置，将org.apache.catalina.servlets.DefaultServlet的下的init-param属性中readonly的param-value值设为true

    <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
            <param-name>readonly</param-name>
            <param-value>true</param-value>
        </init-param>
    </servlet>

然后找到<session-config>，并且在该节点后面增加<security-constraint>相关配置

    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>restricted methods</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
            <http-method>HEAD</http-method>
            <http-method>TRACE</http-method>
            <http-method>OPTIONS</http-method>
        </web-resource-collection>
        <auth-constraint/>
    </security-constraint>

参考资料：

https://www.jianshu.com/p/d96170ab0867

https://blog.csdn.net/musuny/article/details/106115297

posted @ 2024-06-03 14:55 安培昌浩阅读(831) 评论(0) 收藏举报

刷新页面返回顶部

安培昌浩

Tomcat禁用PUT、DELETE、HEAD、TRACE、OPTIONS请求

公告