'JBOSS EAP 7 - Disable Trace Method

For security findings, we would like to disable certain HTTP methods like DELETE, TRACE in JBoss EAP 7. Is there a way to do this by using JBoss configuration?

jboss7.xtracejboss-eap-7disable


Solution 1:[1]

You can set the disallowed-methods on the Undertow subsystem. TRACE is disabled by default. With CLI it would look something like:

/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=disallowed-methods, value=["TRACE", "DELETE"])

This can also be done in the Web Console as well.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 James R. Perkins

Related Questions

How to trace dynamic instruction in spike (on RISC-V)

Any java async tracing framework?

log file that contains the execution flow of a C or C++ program

How to generate trace on armv8 Linux - CoreSight ETM - NVIDIA DRIVE AGX

Forward Jaeger traces to Datadog

Show call stack in Bash

Image contour tracing: Jacob's stopping criterion issue

How to auto instrument my Spring Boot web api call tracing and send to Google Cloud Trace

Dynamic instruction trace for Android Apps

Use Docker with same port as other program

MSC00001: Failed to start service jboss.deployment.unit

Getting an exception "Failed to start service jboss.module.service" for spring portlets

How to resolve unmarshalling error after JBOSS EAP server migration from 6.4 to 7.4.3?

Application throwing 500 error when image not found instead of 404

Disable check of camel case rule in eslint