톰캣 불필요한웹메서드 제거
IT/Was2020. 7. 14. 13:15
1. apache-tomcat-8.0.12/conf/web.xml 에 <security-constraint>...</security-constraint> 추가 후 톰캣 재기동
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Forbidden</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
</web-app>
2. 점검 방법
- telnet url port
- 아무것도 보이지 않는 상태에서 OPTIONS / HTTP/1.0 입력 후 엔터 두번 - curl
[root@localhost ~]# curl -I -X OPTIONS localhost:18080 HTTP/1.1 403 Forbidden Server: Apache-Coyote/1.1 Cache-Control: private Expires: Thu, 01 Jan 1970 00:00:00 UTC Allow: GET,HEAD,OPTIONS Content-Length: 0 Date: Tue, 14 Jul 2020 02:14:30 GMT |
'IT > Was' 카테고리의 다른 글
메이븐(Maven)에서 톰캣 SSL(HTTPS) 설정 (0) | 2020.10.14 |
---|---|
[Tomcat]도커(Docker)에서 톰캣 설치 (0) | 2020.06.11 |
Jboss AS 7 서버로깅설정 (0) | 2014.03.24 |
JBoss AS 7 설치 (0) | 2014.03.07 |
웹로직 64비트 설치 (0) | 2014.02.10 |