We have an application where the user comes in through 8443 via HTTPS.
But the same app also communicates headlessly with other apps through a
separate data port (also HTTPS).
When client authentication is turned on for 8443, the user/browser can get
through the data port without being challenged
/lib and rock-n-roll.
markt-2 wrote:
>
> joeweder wrote:
>> I have PUTs disabled but they are still being published as supported in
>> response to the OPTIONS method.
>
> Which is correct as per the HTTP spec.
>
>> Allow: GET, HEAD, POST, PUT
I have PUTs disabled but they are still being published as supported in
response to the OPTIONS method.
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Server: Apache-Coyote/1.1
Actually doing a PUT returns a 403. But the "in-house" security scanner just
looks at the response from the OPTIONS metho