On 07/21/2011 02:01 PM, Aaron Freeman wrote:
> On 7/21/2011 12:27 PM, Scott Ferguson wrote:
>> On 07/20/2011 10:39 AM, Aaron Freeman wrote:
>>> I'd like to disabled the HTTP CONNECT method.   I don't know the best
>>> way to do that, but I tried this and it's not working:
>>>
>>> <resin:Forbidden regexp='.*'>
>>> <resin:IfMethod value="CONNECT"/>
>>> </resin:Forbidden>
>>>
>>> The request is passed on and I receive a 200 OK response when I telnet
>>> and test the CONNECT.
>>>
>>> What is the most efficient way to get Resin to deny those requests?
>> That config works for me. (You don't need the regexp if you're matching
>> everything, but it doesn't matter for this issue.)
>>
>> There is the<resin:Forbidden>   tag?
>>
>> -- Scott
>>
> The config doesn't bomb, but in resin-pro-4.0.18 when I run this:
>
>   >  telnet localhost 80
>
> then
>
> CONNECT http://localhost/ HTTP/1.0
>
> I then get the home page and a 200 OK, instead of a 403 FORBIDDEN.
>
> You are able to get it to throw an appropriate HTTP 403?

Where is the <resin:Forbidden> tag? (<cluster>, <host>, <web-app>, 
resin-web.xml?)

-- Scott

> Thanks,
>
> Aaron
>
>
> _______________________________________________
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>



_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Reply via email to