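Disabling the WebDAV module in Tomcat 6:
Note: with the WebDAV module enabled, web content can be uploaded, downloaded, modified and deleted online from the command line or a client; if this is not tightly controlled it becomes a security risk.
# vi /var/lib/tomcat6/conf/web.xml (add the following inside <web-app>)
Press a or i to enter insert mode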
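<security-constraint>
  <web-resource-collection>
    <!-- web-resource-name is required by the web.xml schema; the name itself is arbitrary -->
    <web-resource-name>restricted-methods</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>HEAD</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <!-- An empty auth-constraint allows no role, so the methods above are denied for everyone -->
  <auth-constraint>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>
<!-- init-param only takes effect inside a <servlet> element: set readonly in the existing
     definition of the default servlet (org.apache.catalina.servlets.DefaultServlet),
     not directly under <web-app> -->
<init-param>
  <param-name>readonly</param-name>
  <param-value>true</param-value>
</init-param>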
Press Esc to leave insert mode
:wq (save and quit)
# service tomcat6 restart
Verification:
Download:
$ curl -v -X OPTIONS http://localhost:8080/index.html (an HTTP/1.1 403 Forbidden response means the restriction is in effect)
Upload:
$ curl -v -T a.html http://localhost:8080/aa/a.html (an HTTP/1.1 403 Forbidden response means the restriction is in effect)
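Added example (not part of the original post): a static check of a web.xml that reports which of the methods blocked above are still not denied on /* and whether the default servlet is read-only, as a complement to the curl tests. The function name audit_web_xml and the SAMPLE document are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

WANTED = {"PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}  # methods the page blocks
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"

def audit_web_xml(xml_text):
    """Return (wanted methods NOT denied on /*, DefaultServlet readonly flag)."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                 # drop the default XML namespace
        el.tag = el.tag.split("}")[-1]
    denied = set()
    for sc in root.findall("security-constraint"):
        auth = sc.find("auth-constraint")
        # Only an auth-constraint with no role-name denies every caller.
        if auth is None or auth.find("role-name") is not None:
            continue
        for wrc in sc.findall("web-resource-collection"):
            patterns = {(p.text or "").strip() for p in wrc.findall("url-pattern")}
            if "/*" not in patterns:
                continue
            methods = {(m.text or "").strip().upper() for m in wrc.findall("http-method")}
            # A collection with no http-method covers every method.
            denied |= methods or WANTED
    readonly = True  # DefaultServlet treats a missing readonly parameter as true
    for servlet in root.findall("servlet"):
        if (servlet.findtext("servlet-class") or "").strip() != DEFAULT_SERVLET:
            continue
        for ip in servlet.findall("init-param"):
            if (ip.findtext("param-name") or "").strip() == "readonly":
                value = (ip.findtext("param-value") or "").strip().lower()
                readonly = value == "true"
    return sorted(WANTED - denied), readonly

# Constructed sample: only PUT/DELETE denied, default servlet made writable.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern>
      <http-method>PUT</http-method><http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE))
```

An empty list together with True means every method listed above is denied and the default servlet rejects writes.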
This article is reposted from the linux blog on 51CTO blogs. Original link: http://blog.51cto.com/yangzhiming/1558199. To republish it, please contact the original author.
yangzhimingg