Disabling HTTP Methods in Java Applications (Per WAR)

Solution Verified - Updated -

Issue

  • How to disable HTTP methods in Java applications?
  • How to disallow HTTP methods in Java deployments?
  • For security reasons we would like to disable certain HTTP methods (PUT, DELETE, TRACE and OPTIONS) in Java. Is there a way to do this on application configuration?
  • How to disable HTTP TRACE/OPTIONS method?

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
  • Red Hat JBoss Web Server (JWS)
    • Apache Tomcat

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In