On 7/21/2011 12:27 PM, Scott Ferguson wrote:
> On 07/20/2011 10:39 AM, Aaron Freeman wrote:
>> I'd like to disabled the HTTP CONNECT method. I don't know the best
>> way to do that, but I tried this and it's not working:
>> <resin:Forbidden regexp='.*'>
>> <resin:IfMethod value="CONNECT"/>
>> The request is passed on and I receive a 200 OK response when I telnet
>> and test the CONNECT.
>> What is the most efficient way to get Resin to deny those requests?
> That config works for me. (You don't need the regexp if you're matching
> everything, but it doesn't matter for this issue.)
> There is the<resin:Forbidden> tag?
> -- Scott
The config doesn't bomb, but in resin-pro-4.0.18 when I run this:
> telnet localhost 80
CONNECT http://localhost/ HTTP/1.0
I then get the home page and a 200 OK, instead of a 403 FORBIDDEN.
You are able to get it to throw an appropriate HTTP 403?
resin-interest mailing list