Disabling PUT TRACE DELETE request in Apache Tomcat 6.0

I need to disable PUT, DELETE & TRACE HTTP requests on my Application Server, Apache Tomcat 6.0.

All other sources, i have searched till now, have directed me towards the limit parameter in httpd.conf, Hence I'd put it before-hand that I am not using Apache Web Server, and requests are directly being handled by Tomcat, and so there is no httpd.conf in picture.

Please suggest how should I do it on Tomcat?


Inside your WEBINF, add you can add a security constraint:


Alternatively, you can do these two things:

In server.xml, edit the <connector> element, add an attribute: allowTrace="false". Then edit the DefaultServlet: $CATALINA_HOME/conf/web.xml

    <!-- blah blah blah -->

The answer lies in the servlet specification. In looking at the API for the servlet: http://java.sun.com/products/servlet/2.5/docs/servlet-2_5-mr2/javax/servlet/http/HttpServlet.html you'll see that different methods handle different kind of HTTP requests. Also, there is a great feature called filters that can be used to wrap some code around servlets and filters.

So the solutions are:

  • Modify the servlet to only support do and get; or
  • Create a filter to clear those other kind of requests.

Need Your Help

Embed MS Word in asp3 Web Page

asp-classic ms-word

Does someone knows how can i Embed MS Word in asp3 page?

MYSQL: using des decrypt function with lower

mysql encryption mysql-logic

I have encrypted user data in my database using des_encrypt, now when i specify a particular statement as below: