On 07/21/2011 02:01 PM, Aaron Freeman wrote:
> On 7/21/2011 12:27 PM, Scott Ferguson wrote:
>> On 07/20/2011 10:39 AM, Aaron Freeman wrote:
>>> I'd like to disabled the HTTP CONNECT method. I don't know the best
>>> way to do that, but I tried this and it's not working:
>>> <resin:Forbidden regexp='.*'>
>>> <resin:IfMethod value="CONNECT"/>
>>> The request is passed on and I receive a 200 OK response when I telnet
>>> and test the CONNECT.
>>> What is the most efficient way to get Resin to deny those requests?
>> That config works for me. (You don't need the regexp if you're matching
>> everything, but it doesn't matter for this issue.)
>> There is the<resin:Forbidden> tag?
>> -- Scott
> The config doesn't bomb, but in resin-pro-4.0.18 when I run this:
> > telnet localhost 80
> CONNECT http://localhost/ HTTP/1.0
> I then get the home page and a 200 OK, instead of a 403 FORBIDDEN.
> You are able to get it to throw an appropriate HTTP 403?
Where is the <resin:Forbidden> tag? (<cluster>, <host>, <web-app>,
> resin-interest mailing list
resin-interest mailing list