Tom Jordahl created QPID-8552:
---------------------------------
Summary: [Broker-J] Http management interface should ignore
OPTIONS command
Key: QPID-8552
URL: https://issues.apache.org/jira/browse/QPID-8552
Project: Qpid
Issue Type: Bug
Components: Broker-J
Affects Versions: qpid-java-broker-8.0.5
Reporter: Tom Jordahl
Many security scanning tools flag HTTP ports that respond to the OPTIONS
command.
Broker-J already blocks the TRACE command, it should also block the OPTIONS
command.
There are various ways of configuring Jetty to do this, but I have attached a
patch that mirrors the filter that blocks TRACE.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
