0

We have a web service hosted on our server. Recently our client did penetration testing, and there was one finding in it.

We are using axis2 API.

So they have asked us to disable the HTTP GET Method.

Can anybody tell me where we need to do this, and how?

Ankur Singhal
  • 4
    It should be in the configuration section for your servlet context. For instance, see here: http://stackoverflow.com/questions/8069640/whitelist-security-constraint-in-web-xml – aroth Apr 11 '12 at 05:36
  • 4
    First, you might want to accept some previous answers before you get any responses. Just sayin' – OnResolve Apr 11 '12 at 05:36
  • Please check [this link](http://www.techstacks.com/howto/disable-http-methods-in-tomcat.html) – Santosh Apr 11 '12 at 07:26

1 Answer

-1

You can use Apache's mod_allowmethods to whitelist the methods.

Install mod_allowmethods if it is not installed. Let's say you need to allow only POST and PUT; you would use the following configuration:

```
<Location "/">
   AllowMethods POST PUT
</Location>
```

You can check this: https://httpd.apache.org/docs/2.4/mod/mod_allowmethods.html

Ayman
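When no Apache httpd sits in front of the servlet container, the same restriction can go in the web application's `web.xml`, as the comments on the question suggest. The fragment below is an added example, not taken from the question or the answer; it assumes the Axis2 servlet is mapped at `/services/*` (adjust to your own mapping) and that the constraint names are free to choose.

```xml
<!-- Added example: place inside <web-app> in WEB-INF/web.xml. Use ONE of the two options. -->

<!-- Option A (Servlet 3.0+): allow-list. Every method except POST matches this
     constraint, and the empty <auth-constraint/> denies all matching requests. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>axis2-post-only</web-resource-name>   <!-- name is arbitrary -->
    <url-pattern>/services/*</url-pattern>                    <!-- assumed Axis2 mapping -->
    <http-method-omission>POST</http-method-omission>
  </web-resource-collection>
  <auth-constraint/>  <!-- no roles listed: nobody is authorized -->
</security-constraint>

<!-- Option B (Servlet 2.5 and later): deny-list. Only GET is blocked;
     other methods (HEAD, PUT, DELETE, ...) are not covered by this constraint. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>axis2-no-get</web-resource-name>       <!-- name is arbitrary -->
    <url-pattern>/services/*</url-pattern>                    <!-- assumed Axis2 mapping -->
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>
```

With either option the container answers a blocked request with 403, so a GET to a service URL is a quick check after redeploying. Blocking GET also stops `?wsdl` retrieval from the same path, so consumers that fetch the WSDL at runtime need a copy delivered another way.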