It's a third party that is running the scan. -----Original Message----- From: Mark Thomas [mailto:ma...@apache.org] Sent: Thursday, January 23, 2014 10:05 AM To: Tomcat Users List Subject: Re: Deny Put & Delete
On 23/01/2014 14:57, Stephan Fletcher wrote: > Any help would be greatly appreciated <rant> Buy a better vulnerability scanner. Specifically, one understands that an OPTIONS request returns the methods that are *available* not the methods that are *permitted*. </rant> Assuming you haven't changed Tomcat's default configuration any attempt to actually PUT or DELETE a resource will be denied. I have a recollection that we changed the implementation of the OPTIONS request to try and help with this sort of thing. Scratch that. That was for TRACE which won't be included in an OPTIONS response unless Tomcat can confirm that it has been explicitly enabled in the Connector. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ________________________________ Important Notice: This email is copyright of Bohrensmoving.com, and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. This footnote also confirms that this email message has been swept for the presence of computer viruses. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
