View Revisions: Issue #2616
Summary | 0002616: Tighten up default Jetty HTTP security settings | ||
---|---|---|---|
Revision | 2016-06-02 20:18 by mmichalek | ||
Description | 1. Disallow directory listings from Jetty. 2. Disallow the OPTIONS HTTP method by default. This change allows for 3 new properties in symmetric-server.properties: `server.allow.dir.list`=true\|false, default is false; `server.allow.http.methods`=a comma-delimited list of HTTP methods which are allowed (when specified, methods that are not in this list will be forbidden with HTTP 403, e.g. "GET,POST,HEAD"), default is blank; `server.disallow.http.methods`=a comma-delimited list of HTTP methods which are NOT allowed (any method on this list will always result in HTTP 403), default value is "OPTIONS". |
||
Revision | 2016-05-26 13:35 by mmichalek | ||
Description | 1. Disallow directory listings from Jetty. 2. Only allow HTTP methods that are used by SymmetricDS (e.g. GET,POST). |
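
The allow/disallow semantics described in the 2016-06-02 revision, written out as an added Java example (not SymmetricDS's own code). The class and method names are hypothetical, and trimming plus case-insensitive matching of list entries is an assumption; the property names and defaults are the ones given in the description.

```java
import java.util.Arrays;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;

/** Hypothetical helper (not SymmetricDS code): decides whether an HTTP method passes. */
public class HttpMethodPolicy {
    private final Set<String> allowed;    // empty means no allow list is configured
    private final Set<String> disallowed;

    public HttpMethodPolicy(Properties p) {
        // Defaults as stated in the issue: allow list blank, disallow list "OPTIONS".
        allowed = parse(p.getProperty("server.allow.http.methods", ""));
        disallowed = parse(p.getProperty("server.disallow.http.methods", "OPTIONS"));
    }

    // Assumption: entries are trimmed and compared case-insensitively.
    private static Set<String> parse(String csv) {
        return Arrays.stream(csv.split(","))
                .map(s -> s.trim().toUpperCase(Locale.ROOT))
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toSet());
    }

    /** Returns 403 when the method is forbidden, or 0 to let the request continue. */
    public int check(String method) {
        String m = method == null ? "" : method.trim().toUpperCase(Locale.ROOT);
        if (disallowed.contains(m)) return 403;                     // deny list always wins
        if (!allowed.isEmpty() && !allowed.contains(m)) return 403; // allow list, when set
        return 0;
    }

    public static void main(String[] args) {
        Properties defaults = new Properties();           // nothing set: only OPTIONS is blocked
        Properties strict = new Properties();             // constructed sample configuration
        strict.setProperty("server.allow.http.methods", "GET,POST,HEAD");
        for (Properties p : new Properties[] {defaults, strict}) {
            HttpMethodPolicy policy = new HttpMethodPolicy(p);
            for (String m : new String[] {"GET", "OPTIONS", "TRACE"}) {
                System.out.println(m + " -> " + (policy.check(m) == 403 ? "403" : "pass"));
            }
        }
    }
}
```

With the defaults, TRACE still passes because only OPTIONS is on the deny list; setting `server.allow.http.methods` is what blocks methods the application does not use.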