2010/1/13 iainmac <iain_macau...@hotmail.com>: > > Hi, > > I need to disable TRACE to pass a security scan, so I added > allowTrace="false" to all my connectors, but its still allowing TRACE! > > I had to work around with urlrewrite and a jsp with 1 line which was > response.sendError(response.SC_NOT_IMPLEMENTED , "NOT IMPLEMENTED"); > > However I would prefer the allowTrace="false" to work properly! > > Any ideas as to why its not working? >
Exact Tomcat version = ? I see the following with 6.0.20 and a telnet client: TRACE /index.jsp HTTP/1.0 HTTP/1.1 405 Method Not Allowed Server: Apache-Coyote/1.1 Allow: OPTIONS Content-Length: 0 Date: Thu, 14 Jan 2010 00:43:44 GMT Connection: close TRACE /index.html HTTP/1.0 HTTP/1.1 405 Method Not Allowed Server: Apache-Coyote/1.1 Allow: POST, GET, DELETE, OPTIONS, PUT, HEAD Content-Length: 0 Date: Thu, 14 Jan 2010 00:43:00 GMT Connection: close Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
