1. 程式人生 > >Tomcat禁用 OPTIONS 和 TRACE 並隱藏 Apache-Coyote/1.1 並啟動APR模式

Tomcat禁用 OPTIONS 和 TRACE 並隱藏 Apache-Coyote/1.1 並啟動APR模式

 

其實禁用OPTIONS  TRACE 等動詞就是禁用webdev協議

開啟tomcat–>conf–>web.xml 檔案: 

將以下程式碼註釋或刪除:

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                      http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
  version="3.1">

替換為:

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID" version="3.0">
<security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
            <http-method>PUT</http-method>
            <http-method>PATCH</http-method>
            <http-method>DELETE</http-method>
            <http-method>COPY</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>LINK</http-method>
            <http-method>UNLINK</http-method>
            <http-method>PURGE</http-method>
            <http-method>LOCK</http-method>
            <http-method>UNLOCK</http-method>
            <http-method>PROPFIND</http-method>
            <http-method>VIEW</http-method>
            <http-method>TRACE</http-method>
        </web-resource-collection>
        <auth-constraint>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>DIGEST</auth-method>
    </login-config>

 

然後繼續修改server.xml(處理trace和Coyote/1.1):

新增:

allowTrace="true" server="x"

啟動APR模式:

對connector 的 protocol 進行修改

將  

HTTP/1.1

 修改為

org.apache.coyote.http11.Http11AprProtocol

結果如下 

<Connector port="80" protocol="org.apache.coyote.http11.Http11AprProtocol"
connectionTimeout="20000"
redirectPort="8443" />

在catalina.bat中找到setlocal新增CATALINA_OPTS引數具體如下

setlocal
set CATALINA_OPTS="-Djava.library.path=%CATALINA_HOME%\bin"