step by step: demonstrate blocked http-method DELETE request?

2005-03-04 Thread Ted Anagnost
Can someone show in a step by step way for standalone tomcat: 1. how to show that a DELETE vulnerability exists in tomcat using a telnet session for a sample file, let's say index.html 2. how to block the vulnerability by modifying web.xml 3. what telnet will show once the vulnerability has

Re: How to disable PUT, DELETE http methods etc if not using container managed security?

2005-03-01 Thread Ted Anagnost
is deny all, instead of role-name/ which is deny to all but the blank role). Since you are forbidding all access, you could also drop the user-data-constraint on the second one (since with it, TC will first redirect a PUT to SSL, and then deny it). Ted Anagnost [EMAIL PROTECTED] wrote in message

How to disable PUT, DELETE http methods etc if not using container managed security?

2005-02-25 Thread Ted Anagnost
Is there a way to prevent PUT or DELETE http methods if you're not using container managed security? If so, how? I already have this to force the use of https: security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name

Blank Page when using http://192.168.1.100/

2004-11-30 Thread Ted Anagnost
http://localhost/ works http://127.0.0.1/ works http://192.168.1.100/mysite/ works 192.168.1.100 is my internal IP http://192.168.1.100/ displays a BLANK PAGE 1. Why does it display a blank page when using http://192.168.1.100/ 2. What is the proper way to make all of these redirect to

Re: Blank Page when using http://192.168.1.100/

2004-11-30 Thread Ted Anagnost
Yes - Original Message - From: Mark Benussi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 01, 2004 1:34 AM Subject: RE: Blank Page when using http://192.168.1.100/ Are you using a router? Original Message Follows From: Ted Anagnost [EMAIL PROTECTED] Reply

Re: http://localhost/ works but http://ip address/ doesn't

2004-03-26 Thread Ted Anagnost
Message- From: Ted Anagnost [mailto:[EMAIL PROTECTED] Sent: 24 March 2004 08:58 To: Tomcat Users List Subject: Re: http://localhost/ works but http://ip address/ doesn't Hello Doug, Last thing first. I did find you can set the IP with address=??? in the server.xml. Check

Re: http://localhost/ works but http://ip address/ doesn't

2004-03-24 Thread Ted Anagnost
Hello Doug, Last thing first. I did find you can set the IP with address=??? in the server.xml. Check for this. Unless you have a specific need to you can remove it. It's not there. Another thing is I tried to ping the computer again from a different external computer and got back no

Re: http://localhost/ works but http://ip address/ doesn't

2004-03-21 Thread Ted Anagnost
filter on an IP. Doug www.parsonstechnical.com - Original Message - From: Ted Anagnost [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 19, 2004 3:36 AM Subject: http://localhost/ works but http://ip address/ doesn't http://localhost/ works but http://ip address/ doesn't

http://localhost/ works but http://ip address/ doesn't

2004-03-19 Thread Ted Anagnost
http://localhost/ works but http://ip address/ doesn't. Internet Explorer gives a Cannot find server message. I have tomcat 5.0.18 (without apache). I can ping my IP externally. I have port forwarding enabled on my router. Is there something I need to do to server.xml to enable this to