> From what I am told, the other application servers used in our company all have a configuration-driven way to disable the > TRACE HTTP. My project is the first one to try to use Tomcat as a "real" server.
The only workaround (and a recomended thing to do, anyway) is to use Apache as a front-end. Apache's security should kick in before it passes request to Tomcat via mod_jk2. Nix. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
