Question & Answer
Question
Is there a way to specify which HTTP methods (such as TRACE, TRACK, or OPTIONS) are enabled or disabled on WebSphere Application Server when a web server is not being used?
Answer
WebSphere Application Server does not have a configurable way to block request methods. However, individual applications can be configured to block the request methods by using the web.xml's <security-constraint>. Under that element, <http-method> and/or <http-method-omission> can be used.
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
29 January 2020
UID
ibm11284718