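Tomcat: disable OPTIONS and TRACE, hide Apache-Coyote/1.1, and enable APR mode
阿新 • Published: 2019-08-11
Disabling verbs such as OPTIONS and TRACE is, in effect, disabling the WebDAV protocol.
Open the Tomcat -> conf -> web.xml file:
Comment out or delete the following code: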
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">
Replace it with:
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         id="WebApp_ID" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <!-- web-resource-name is required by the web.xml schema; this value is a placeholder -->
      <web-resource-name>restricted-methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>PUT</http-method>
      <http-method>PATCH</http-method>
      <http-method>DELETE</http-method>
      <http-method>COPY</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>LINK</http-method>
      <http-method>UNLINK</http-method>
      <http-method>PURGE</http-method>
      <http-method>LOCK</http-method>
      <http-method>UNLOCK</http-method>
      <http-method>PROPFIND</http-method>
      <http-method>VIEW</http-method>
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <!-- An empty auth-constraint denies the listed methods to every user -->
    <auth-constraint>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>DIGEST</auth-method>
  </login-config>
Next, edit server.xml (this handles TRACE and the Coyote/1.1 banner):
Add the following attributes to the <Connector> element:
allowTrace="true" server="x"
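A configuration check for the two files edited above, as an added example (not code from the original post): it confirms that a deny-all constraint on /* covers OPTIONS and TRACE, that each Connector sets a server value, and that allowTrace="true" (which enables TRACE at the connector) is never left without the web.xml constraint that rejects TRACE. The sample XML is constructed and trimmed to the relevant elements; constraints that list no http-method at all are not handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample files, reduced to the elements this page changes.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint> </auth-constraint>
  </security-constraint>
</web-app>"""
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" allowTrace="true" server="x" />
</Service></Server>"""

def _kids(elem, name):
    # Compare local names only, so 3.0 and 3.1 namespaces are handled alike.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def denied_methods(web_xml):
    """HTTP methods that a deny-all constraint on /* rejects."""
    denied = set()
    for sc in _kids(ET.fromstring(web_xml), "security-constraint"):
        auth = _kids(sc, "auth-constraint")
        # Empty auth-constraint = nobody allowed; absent = no restriction.
        if not auth or any(_kids(a, "role-name") for a in auth):
            continue
        for wrc in _kids(sc, "web-resource-collection"):
            if "/*" in {(p.text or "").strip() for p in _kids(wrc, "url-pattern")}:
                denied |= {(m.text or "").strip().upper()
                           for m in _kids(wrc, "http-method")}
    return denied

def audit(web_xml, server_xml, required=("OPTIONS", "TRACE")):
    """Return findings; an empty list means the settings above are in place."""
    denied = denied_methods(web_xml)
    findings = [f"web.xml: {m} is not denied for /*"
                for m in required if m not in denied]
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if not conn.get("server"):
            findings.append(f"server.xml: Connector {port} sets no server value")
        if conn.get("allowTrace") == "true" and "TRACE" not in denied:
            findings.append(f"server.xml: Connector {port} allows TRACE, "
                            "web.xml does not deny it")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML, SAMPLE_SERVER_XML) or "no findings")
```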
Enable APR mode:
Change the protocol of the Connector
from
HTTP/1.1
to
org.apache.coyote.http11.Http11AprProtocol
The result is as follows:
<Connector port="80" protocol="org.apache.coyote.http11.Http11AprProtocol" connectionTimeout="20000" redirectPort="8443" />
In catalina.bat, find setlocal and add the CATALINA_OPTS parameter, as follows:
setlocal
set CATALINA_OPTS="-Djava.library.path=%CATALINA_HOME%\bin"