Hi Tomcat Team,

We have a unique situation. We wanted to block ALL *OPTIONALS* HTTP methods on ports 80 and 443.

We have connector definitions as follows:

<Connector executor="tomcatThreadPool"
           port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
--> -->
<Connector port="${tomcat.secure.port}"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           relaxedPathChars="[\\]^`{|}" relaxedQueryChars="[\\]^`{|}"
           address="${tomcat.address}"
           minSpareThreads="100" maxThreads="200"
           SSLEnabled="true" scheme="https" secure="true"
           maxSwallowSize="-1" maxPostSize="-1">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
                     readTimeout="50000"
                     streamReadTimeout ="-1" streamWriteTimeout="-1"
                     overheadContinuationThreshold="0"
                     overheadDataThreshold="0"
                     overheadWindowUpdateThreshold="0"/>
</Connector>

and we have an application filter to block and return 405. This works for HTTPS port 443, but requests going to HTTP port 80 always get redirected regardless of the method.

curl -i -k -X OPTIONS http://10.43.243.8/versa/
*HTTP/1.1 302*
Cache-Control: private
Location: https://10.43.243.8/versa/
Content-Length: 0
Date: Fri, 07 Oct 2022 16:58:27 GMT
Server: Versa Director

curl -i -k -X OPTIONS https://10.43.243.8/versa/
*HTTP/2 405*
cache-control: private
content-length: 0
date: Fri, 07 Oct 2022 16:58:51 GMT

We wanted to block OPTIONS on port 80 as well. It seems to me that Tomcat internally (via the connector) redirects requests without application code.

How can I achieve blocking the OPTIONS, TRACE, and CONNECT HTTP methods on port 80 while redirect is ON for the connector?

Any pointers or help is greatly appreciated.

Thanks,
Bhavesh
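
One way to reject these methods before the redirect is issued, as an added example that is not part of the original post or of Tomcat itself. It assumes the 302 comes from a CONFIDENTIAL transport-guarantee constraint, which Tomcat enforces in the Context's valve pipeline before any servlet filter runs; the package, class name, `methods` and `allow` attributes, and the default Allow list are hypothetical.

```java
// Added example: a Valve that answers 405 ahead of the Context pipeline.
package com.example.tomcat; // hypothetical package

import java.io.IOException;
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

import jakarta.servlet.ServletException;          // javax.servlet.* on Tomcat 9 and earlier
import jakarta.servlet.http.HttpServletResponse;

import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

public class MethodBlockValve extends ValveBase {

    private volatile Set<String> blocked = Set.of("OPTIONS", "TRACE", "CONNECT");
    // Assumed default; set it to the methods the application really serves.
    private volatile String allow = "GET, HEAD, POST";

    public MethodBlockValve() {
        super(true); // the valve does no blocking work, so async requests are fine
    }

    // Filled from the <Valve methods="..."/> attribute via the bean setter.
    public void setMethods(String csv) {
        blocked = Arrays.stream(csv.split(","))
                .map(s -> s.trim().toUpperCase(Locale.ROOT))
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toUnmodifiableSet());
    }

    public void setAllow(String allow) { this.allow = allow; }

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        if (blocked.contains(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            response.setHeader("Allow", allow);
            response.setContentLength(0);
            return; // stop here: the request never reaches the redirect logic
        }
        getNext().invoke(request, response); // everything else proceeds as before
    }
}
```

Packaged as a jar in `$CATALINA_BASE/lib` and registered inside the `<Host>` element of server.xml as `<Valve className="com.example.tomcat.MethodBlockValve" methods="OPTIONS,TRACE,CONNECT"/>`, it applies to every connector, so the same curl checks from the post should then return 405 on both ports.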