1 | initial version |
To prevent the use of the TRACK HTTP method on Tomcat 8, you can follow these steps:
Open the server.xml
configuration file located in the conf
folder of Tomcat's installation directory.
Locate the <Connector>
element that corresponds to the port you want to configure. For example:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
allowTrace="false"
attribute to the <Connector>
element, like this:<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
allowTrace="false" />
With this configuration, Tomcat will reject any incoming requests that use the TRACK HTTP method, returning a 405 Method Not Allowed response.