users@glassfish.java.net

Re: Disable HTTP TRACE

From: <glassfish_at_javadesktop.org>
Date: Fri, 04 Dec 2009 09:10:05 PST

I don't know what to tell you. As per Nessus Scan trace is still enabled

see below output from domain.xml

<http-service>
  <access-log format="%client.name% %auth-user-name% %datetime% %request% %status% %response.length%" rotation-enabled="true" rotation-interval-in-minutes="15" rotation-policy="time" rotation-suffix="yyyy-MM-dd" />
  <http-listener acceptor-threads="1" address="0.0.0.0" blocking-enabled="false" default-virtual-server="__asadmin" enabled="true" family="inet" id="admin-listener" port="10048" security-enabled="false" server-name="" xpowered-by="true" />
- <virtual-server hosts="${com.sun.aas.hostName}" id="server" log-file="${com.sun.aas.instanceRoot}/logs/server.log" state="on">
  <property name="docroot" value="${com.sun.aas.instanceRoot}/docroot" />
  <property name="accesslog" value="${com.sun.aas.instanceRoot}/logs/access" />
  <property name="sso-enabled" value="false" />
  </virtual-server>
- <virtual-server hosts="${com.sun.aas.hostName}" http-listeners="admin-listener" id="__asadmin" log-file="${com.sun.aas.instanceRoot}/logs/server.log" state="on">
  <property name="docroot" value="${com.sun.aas.instanceRoot}/docroot" />
  <property name="accesslog" value="${com.sun.aas.instanceRoot}/logs/access" />
  <property name="sso-enabled" value="false" />
  </virtual-server>
  <request-processing header-buffer-length-in-bytes="8192" initial-thread-count="2" request-timeout-in-seconds="30" thread-count="5" thread-increment="1" />
  <keep-alive max-connections="250" thread-count="1" timeout-in-seconds="30" />
  <connection-pool max-pending-count="4096" queue-size-in-bytes="4096" receive-buffer-size-in-bytes="4096" send-buffer-size-in-bytes="8192" />
  <http-protocol default-response-type="AttributeDeprecated" default-type="text/html; charset=iso-8859-1" dns-lookup-enabled="false" forced-response-type="AttributeDeprecated" forced-type="text/html; charset=iso-8859-1" ssl-enabled="true" version="HTTP/1.1" />
  <http-file-cache file-caching-enabled="true" file-transmission-enabled="false" globally-enabled="true" hash-init-size="0" max-age-in-seconds="30" max-files-count="1024" medium-file-size-limit-in-bytes="537600" medium-file-space-in-bytes="10485760" small-file-size-limit-in-bytes="2048" small-file-space-in-bytes="1048576" />
  <property name="traceEnabled" value="false" />
  <property name="accessLoggingEnabled" value="false" />
  </http-service>
[Message sent by forum member 'drumik' ]

http://forums.java.net/jive/thread.jspa?messageID=374769
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.