Disabling OPTIONS and DELETE in Apache
Posted: Wed Aug 28, 2019 3:53 pm
Hey Folks,
Our compliance and security team regularly scans all servers for potential security leaks. They want the OPTIONS and DELETE disabled on the Servoy app server. After searching for a while - I found the snippet I was looking for:
Code:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Forbidden</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>OPTIONS</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint />
</security-constraint>
I'm not sure where to place it in the web.xml config file. When I try to just place it at the end, the service won't start, with this error:
Code:
ERROR [WrapperSimpleAppMain] com.servoy.j2db.util.Debug - Cannot load mime type mappings from web.xml:
org.xml.sax.SAXParseExceptionpublicId: C:\Servoy_7_4\application_server\server\conf\web.xml; lineNumber: 4668; columnNumber: 2; The markup in the document following the root element must be well-formed.
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$TrailingMiscDriver.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
at com.servoy.j2db.server.main.Zrb.Za(Zrb.java:18)
at com.servoy.j2db.server.main.ApplicationServer.Za(ApplicationServer.java:321)
at com.servoy.j2db.server.main.ApplicationServer.Za(ApplicationServer.java:97)
at com.servoy.j2db.server.main.Zob.start(Zob.java:49)
at com.servoy.j2db.server.main.ApplicationServer.main(ApplicationServer.java:641)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:238)
at java.lang.Thread.run(Unknown Source)
This is Servoy 7.4.10 on Java 1.8.0_221 on Windows Server 2008
Any help would be greatly appreciated!
Bob
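The parser message in the log above ("The markup in the document following the root element must be well-formed") is what an XML parser reports when an element appears after the closing tag of the root element. As an added example (not part of the original post and not Servoy code), this Python script checks a web.xml for that condition and lists the HTTP methods denied by constraints placed inside <web-app>; the sample documents and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]

def denied_methods(web_xml_text):
    """Methods explicitly listed in deny-all constraints that are children of <web-app>."""
    root = ET.fromstring(web_xml_text)  # raises ET.ParseError if not well-formed
    if local(root.tag) != "web-app":
        raise ValueError("root element is not <web-app>")
    denied = set()
    for sc in root:
        if local(sc.tag) != "security-constraint":
            continue
        auths = [c for c in sc if local(c.tag) == "auth-constraint"]
        has_roles = any(local(r.tag) == "role-name" for a in auths for r in a)
        # Only an auth-constraint with no role-name denies every caller.
        if not auths or has_roles:
            continue
        for coll in sc:
            if local(coll.tag) != "web-resource-collection":
                continue
            for m in coll:
                if local(m.tag) == "http-method" and m.text:
                    denied.add(m.text.strip().upper())
    return denied

def check(web_xml_text):
    """Return ('ok', [methods]) or ('not well-formed', parser message)."""
    try:
        return ("ok", sorted(denied_methods(web_xml_text)))
    except ET.ParseError as exc:
        return ("not well-formed", str(exc))

# Constructed sample input: a minimal web.xml plus the constraint from the post.
BASE = ('<web-app xmlns="http://java.sun.com/xml/ns/javaee"><mime-mapping>'
        '<extension>txt</extension><mime-type>text/plain</mime-type>'
        '</mime-mapping></web-app>')
CONSTRAINT = ('<security-constraint><web-resource-collection>'
              '<web-resource-name>Forbidden</web-resource-name>'
              '<url-pattern>/*</url-pattern><http-method>OPTIONS</http-method>'
              '<http-method>DELETE</http-method></web-resource-collection>'
              '<auth-constraint /></security-constraint>')
APPENDED = BASE + "\n" + CONSTRAINT                      # after </web-app>
INSIDE = BASE.replace("</web-app>", CONSTRAINT + "</web-app>")  # before </web-app>

if __name__ == "__main__":
    for name, doc in (("appended", APPENDED), ("inside", INSIDE)):
        print(name, check(doc))
```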