How can I prevent the use of the TRACK HTTP method on Tomcat 8?

asked 2022-07-21 11:00:00 +0000

woof
21 ●1 ●1

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2022-08-22 14:00:00 +0000

david
31 ●16 ●4

To prevent the use of the TRACK HTTP method on Tomcat 8, you can follow these steps:

Open the server.xml configuration file located in the conf folder of Tomcat's installation directory.
Locate the <Connector> element that corresponds to the port you want to configure. For example:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

Add the allowTrace="false" attribute to the <Connector> element, like this:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           allowTrace="false" />

Save the configuration file and restart Tomcat for the changes to take effect.

With this configuration, Tomcat will reject any incoming requests that use the TRACK HTTP method, returning a 405 Method Not Allowed response.

edit flag offensive delete link

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss

Add Answer

Question Tools

Stats

Asked: 2022-07-21 11:00:00 +0000

Seen: 18 times

Last updated: Aug 22 '22

How can I prevent the use of the TRACK HTTP method on Tomcat 8? edit

1 Answer