Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2022-08-22 14:00:00 +0000

david gravatar image

To prevent the use of the TRACK HTTP method on Tomcat 8, you can follow these steps:

  1. Open the server.xml configuration file located in the conf folder of Tomcat's installation directory.

  2. Locate the <Connector> element that corresponds to the port you want to configure. For example:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
  1. Add the allowTrace="false" attribute to the <Connector> element, like this:
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           allowTrace="false" />
  1. Save the configuration file and restart Tomcat for the changes to take effect.

With this configuration, Tomcat will reject any incoming requests that use the TRACK HTTP method, returning a 405 Method Not Allowed response.


Copyright QStack.ai, 2010-2023. Content on this site is licensed under the Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service | contact