How do I disable specific HTTP methods in JBoss EAP 6 and HTTPD ?

Solution Verified - Updated -

Issue

  • For security reasons we would like to disable certain HTTP methods (PUT, CONNECT,DELETE, TRACE and OPTIONS) in JBoss. Is there a way to do this by using JBoss configuration?

  • We need to limit HTTP methods for JBOSS EAP 6.1. Please explain in detail where this is done in the EAP configuration. We are running EAP 6.1 in Domain mode and need to limit the HTTP methods for all instances running in the Domain.

  • Please provide the procedure to disable HTTP Options, PUT and DELETE Methods in JBoss EAP.
  • How to disable HTTP TRACE / OPTIONS method?
  • CONNECT Method Allowed in HTTP Server

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 4
    • 5
    • 6
  • Red Hat JBoss Web Server

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In