Web security: disabling WebDAV or unwanted HTTP methods in Tomcat

  • 2020-06-12 11:13:57
  • OfStack

WebDAV

WebDAV (Web-based Distributed Authoring and Versioning) is a communication protocol based on HTTP 1.1. It extends HTTP 1.1 by adding new methods beyond the standard GET, POST and HEAD, so that applications can write files directly to the web server, lock a file while it is being written and unlock it afterwards, and use file version control. This protocol greatly increases the value of the Web as a creative medium. A powerful content management system or configuration management system can be built on WebDAV.
Most mainstream web servers now support WebDAV, and its convenience needs little explanation. Anyone who has developed ASP.NET applications with VS.NET will know that creating or modifying a web project is in fact done through WebDAV plus the FrontPage extensions. Below I describe in more detail the WebDAV-related configuration in Tomcat.

How to disable

How do you prevent HTTP methods such as DELETE, PUT, OPTIONS, TRACE and HEAD from being used to access an application?

Solution
Step 1: Modify the schema declaration at the top of the application's web.xml file


<?xml version="1.0" encoding="UTF-8"?>
<!-- schemaLocation takes a "namespace location" pair -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
 version="2.4">

Step 2: Add the following code to the application's web.xml


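<security-constraint>
 <web-resource-collection>
  <!-- web-resource-name is required by the 2.4 schema; the name itself is arbitrary -->
  <web-resource-name>restricted-methods</web-resource-name>
  <url-pattern>/*</url-pattern>
  <http-method>PUT</http-method>
  <http-method>DELETE</http-method>
  <http-method>HEAD</http-method>
  <http-method>OPTIONS</http-method>
  <http-method>TRACE</http-method>
 </web-resource-collection>
 <!-- An empty auth-constraint allows no role, so the methods listed above are denied to everyone -->
 <auth-constraint>
 </auth-constraint>
</security-constraint>
<login-config>
 <auth-method>BASIC</auth-method>
</login-config>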
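
The constraint above denies only the methods it lists, so the WebDAV methods themselves (PROPFIND, MKCOL, LOCK and the rest of RFC 4918) are not covered by it. The following audit script is an added example, not part of the original article: it parses a web.xml and reports which methods an empty auth-constraint leaves uncovered for a URL pattern. The sample web.xml is constructed from the snippets above, the function names are this example's own, and URL patterns are matched by exact string only.

```python
import xml.etree.ElementTree as ET

HTTP = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE")
WEBDAV = ("PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK")  # RFC 4918

# Constructed sample: the article's header and constraint in one web.xml.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted-methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      <http-method>HEAD</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def children(elem, name):
    """Direct children called `name`, ignoring the XML namespace prefix."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def denied_methods(web_xml, url_pattern="/*"):
    """Methods that empty auth-constraints deny for exactly `url_pattern`."""
    denied = set()
    for sc in children(ET.fromstring(web_xml), "security-constraint"):
        auth = children(sc, "auth-constraint")
        # Only an auth-constraint that is present and lists no role denies everyone.
        if not auth or children(auth[0], "role-name"):
            continue
        for coll in children(sc, "web-resource-collection"):
            patterns = [(p.text or "").strip() for p in children(coll, "url-pattern")]
            if url_pattern not in patterns:
                continue
            listed = {(m.text or "").strip() for m in children(coll, "http-method")}
            # A collection with no http-method element covers every method.
            denied |= listed or set(HTTP + WEBDAV)
    return denied

def uncovered_methods(web_xml, url_pattern="/*"):
    """Known HTTP and WebDAV methods the deny constraints do not cover."""
    denied = denied_methods(web_xml, url_pattern)
    return [m for m in HTTP + WEBDAV if m not in denied]

if __name__ == "__main__":
    print("uncovered:", uncovered_methods(SAMPLE_WEB_XML))
```

An uncovered method is not necessarily served: whether Tomcat answers it depends on the servlet mapped to the URL.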
