处理weblogic、tomcat关闭不安全的http请求

无卤 服务器技术文章 552 阅读

禁止不安全的http请求方式PUT、DELETE、HEAD、OPTIONS、TRACE等,只保留GET和POST请求。其中tomcat和weblogic部署解决方案都是在web.xml中添加配置文件,但格式有所差异,详情如下:

Tomcat配置方法

1)Tomcat:在web.xml中添加:

<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>PATCH</http-method>
<http-method>COPY</http-method>
<http-method>LINK</http-method>
<http-method>UNLINK</http-method>
<http-method>PURGE</http-method>
<http-method>LOCK</http-method>
<http-method>UNLOCK</http-method>
<http-method>PROPFIND</http-method>
<http-method>VIEW</http-method>
</web-resource-collection>
<auth-constraint>
</auth-constraint>
</security-constraint>
weblogic配置方法

2)Weblogic:在web.xml中添加:

<security-constraint>
<web-resource-collection>
<web-resource-name>sgpssc</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>PATCH</http-method>
<http-method>COPY</http-method>
<http-method>LINK</http-method>
<http-method>UNLINK</http-method>
<http-method>PURGE</http-method>
<http-method>LOCK</http-method>
<http-method>UNLOCK</http-method>
<http-method>PROPFIND</http-method>
<http-method>VIEW</http-method>
</web-resource-collection>
<auth-constraint/>
</security-constraint>

可以通过谷歌浏览器的插件Postman工具检测,是否修复。

以上是处理weblogic、tomcat关闭不安全的http请求的全部内容。
THE END
分享
二维码
< <上一篇
下一篇>>