How to disable TRACE, PUT, DELETE protocols in Glassfish V3 prelude?

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: <glassfish_at_javadesktop.org>
Date: Wed, 02 Dec 2009 01:36:07 PST

I am asking the same old question as solution has not worked with my case.

The question is " How to disable TRACE, PUT, DELETE protocols in Glassfish V3 prelude?

Through admin gui console I added "traceEnabled" property and set its value "false" under http-listener. It is not working . The Nikto is showing message like
-------------------------------
OSVDB-0 : Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
---------------------------------

Then I found "domain.xml" file under .../lib/templets folder. I manually added the following entry under <http-service>

------------------------------------------------
<property value="false" name="traceEnabled" />
</http-service>
------------------------------------------------
It also not worked as per expectation. NiKto is till showing the message indicating the TRACE is enabled.

Please help
[Message sent by forum member 'sspadmin' ]

http://forums.java.net/jive/thread.jspa?messageID=374263