Disabling HTTP Methods in Java Applications (Per WAR)

Solution Verified - Updated -

Issue

  • How to disable HTTP methods in Java applications?
  • How to disallow HTTP methods in Java deployments?
  • For security reasons we would like to disable certain HTTP methods (PUT, DELETE, TRACE and OPTIONS) in Java. Is there a way to do this on application configuration?
  • How to disable HTTP TRACE/OPTIONS method?

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
  • Red Hat JBoss Web Server (JWS)
    • Apache Tomcat

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content