On 07/21/2011 02:01 PM, Aaron Freeman wrote:
> On 7/21/2011 12:27 PM, Scott Ferguson wrote:
>> On 07/20/2011 10:39 AM, Aaron Freeman wrote:
>>> I'd like to disable the HTTP CONNECT method. I don't know the best
>>> way to do that, but I tried this and it's not working:
>>>
>>> <resin:Forbidden regexp='.*'>
>>> <resin:IfMethod value="CONNECT"/>
>>> </resin:Forbidden>
>>>
>>> The request is passed on and I receive a 200 OK response when I telnet
>>> and test the CONNECT.
>>>
>>> What is the most efficient way to get Resin to deny those requests?
>> That config works for me. (You don't need the regexp if you're matching
>> everything, but it doesn't matter for this issue.)
>>
>> There is the <resin:Forbidden> tag?
>>
>> -- Scott
>>
> The config doesn't bomb, but in resin-pro-4.0.18 when I run this:
>
>
> telnet localhost 80
>
> then
>
> CONNECT http://localhost/ HTTP/1.0
>
> I then get the home page and a 200 OK, instead of a 403 FORBIDDEN.
>
> You are able to get it to throw an appropriate HTTP 403?

Where is the <resin:Forbidden> tag? (<cluster>, <host>, <web-app>, resin-web.xml?)

-- Scott

> Thanks,
>
> Aaron
>
>
> _______________________________________________
> resin-interest mailing list
> [email protected]
> http://maillist.caucho.com/mailman/listinfo/resin-interest
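
The telnet check described in the thread, as an added Python example that is not part of the original messages: it sends the same CONNECT request line to your own server and classifies the status code, so the rule can be re-tested after each config change. The function names and verdict labels are assumptions made for illustration.

```python
import socket


def build_connect_request(target="http://localhost/"):
    # Same request line that was typed into telnet in the thread,
    # followed by the blank line that ends the request.
    return f"CONNECT {target} HTTP/1.0\r\n\r\n".encode("ascii")


def parse_status(raw):
    """Return the numeric status code of a raw HTTP response, or None."""
    line = raw.split(b"\r\n", 1)[0].split(b"\n", 1)[0]
    parts = line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return None
    return int(parts[1])


def verdict(status):
    # Labels are illustrative: 403 is the result the thread expects.
    if status is None:
        return "no-http-response"
    if status == 403:
        return "forbidden"
    if 200 <= status < 300:
        return "allowed"  # the failure reported in the thread
    if status >= 400:
        return "rejected"  # denied, but not with the expected 403
    return "other"


def probe(host="localhost", port=80, target="http://localhost/", timeout=5.0):
    """Send the CONNECT request and return the status code (or None)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connect_request(target))
        data = b""
        # Only the status line is needed; stop after the first newline.
        while b"\n" not in data and len(data) < 4096:
            chunk = s.recv(1024)
            if not chunk:
                break
            data += chunk
    return parse_status(data)


if __name__ == "__main__":
    print(verdict(probe()))
```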
