Insecure HTTP methods enabled

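I searched through a lot of material online and found a solution. Now that I have time, I am posting it here for others' reference.
In the conf folder under the Tomcat installation directory there is a web.xml file. Open it and find the default servlet, then add the following parameter: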
<init-param>
    <param-name>readonly</param-name>
    <param-value>true</param-value>
</init-param>


Then add the following code to the web.xml file of the current project:
 <security-constraint>
     <web-resource-collection>
          <web-resource-name>Your_Web_Project_Name</web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>DELETE</http-method>
          <http-method>PUT</http-method>
          <http-method>HEAD</http-method>
          <http-method>TRACE</http-method>
          <http-method>OPTIONS</http-method>
     </web-resource-collection>
 
     <auth-constraint>
        <role-name></role-name>
     </auth-constraint>
 
     <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
     </user-data-constraint>
 
 </security-constraint>
     
   <login-config>
       <auth-method>BASIC</auth-method>
   </login-config>
 
   <security-role>
       <role-name></role-name> <!-- The role is left empty here; the HTTP methods listed above are still disabled -->
   </security-role>


With the configuration above in place, some HTTP methods are disabled in Tomcat 6.
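To check which methods a constraint like the one above actually covers before deploying it, the following Python audit (an added example, not part of the original post) parses a web.xml and reports the methods denied for a URL pattern by constraints that no role can satisfy. The sample document is constructed from the snippet above, and the function names and the audited method list are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from this page inside a minimal <web-app>.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>PUT</http-method>
      <http-method>HEAD</http-method>
      <http-method>TRACE</http-method>
      <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint><role-name></role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Methods to audit (an assumption of this example, extend as needed).
AUDITED = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE", "PATCH")

def _local(tag):
    """Drop an XML namespace prefix so namespaced web.xml files also match."""
    return tag.rsplit("}", 1)[-1]

def _texts(parent, name):
    """Stripped text of each direct child element called `name`."""
    return [(c.text or "").strip() for c in parent if _local(c.tag) == name]

def denied_methods(web_xml, pattern="/*"):
    """Methods blocked for `pattern` by constraints whose role list is empty."""
    denied = set()
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        auth = [c for c in sc if _local(c.tag) == "auth-constraint"]
        # No auth-constraint means no restriction; a named role means login works.
        if not auth or any(r for a in auth for r in _texts(a, "role-name")):
            continue
        for wrc in (c for c in sc if _local(c.tag) == "web-resource-collection"):
            if pattern not in _texts(wrc, "url-pattern"):
                continue
            methods = [m.upper() for m in _texts(wrc, "http-method")]
            # A collection without <http-method> applies to every method.
            denied.update(methods or AUDITED)
    return denied

def audit(web_xml, pattern="/*"):
    """Map each audited method to 'denied' or 'allowed' for `pattern`."""
    denied = denied_methods(web_xml, pattern)
    return {m: "denied" if m in denied else "allowed" for m in AUDITED}
```

Methods that the constraint does not list, such as PATCH in this sample, are reported as allowed, so the list in web.xml has to name every method that should be blocked.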
