Disabling Unused HTTP Verbs
It is prudent to disable all unused HTTP verbs so that they cannot be used by intruders.
In the default JasperReports Server installation, the following HTTP verbs are not used, but they are allowed. To make them easy to disable, they are listed in a single block of code in <js-webapp>/WEB-INF/web.xml. As in the code immediately above, the URL pattern /* applies the security constraint to all access to the server, including web service requests.
The list is commented out by default because it has not been exhaustively tested with all system configurations and platforms.
After uncommenting the security constraint, your final code should be like the following:
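To confirm the edit took effect, the following check parses a web.xml and reports which verbs an active deny-all security constraint blocks for /*, and which are still inside a comment. It is an added example, not part of the JasperReports Server documentation or product; the sample document, its verbs and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not the product's web.xml; the verbs are placeholders.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <!--
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>sample-verbs</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>TRACE</http-method>
      <http-method>PROPFIND</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  -->
</web-app>"""

def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def denied_verbs(web_xml, pattern="/*"):
    """Return the HTTP methods blocked for `pattern` by active deny-all constraints."""
    denied = set()
    for sc in ET.fromstring(web_xml).iter():  # the parser drops XML comments
        if _local(sc.tag) != "security-constraint":
            continue
        auth = [e for e in sc if _local(e.tag) == "auth-constraint"]
        # Deny-all means an auth-constraint element that names no role.
        if not auth or any(_local(r.tag) == "role-name" for a in auth for r in a):
            continue
        for wrc in sc:
            if _local(wrc.tag) != "web-resource-collection":
                continue
            kids = [(_local(e.tag), (e.text or "").strip()) for e in wrc]
            if ("url-pattern", pattern) in kids:
                denied |= {v.upper() for t, v in kids if t == "http-method"}
    return denied

def commented_out_verbs(web_xml):
    """Return methods listed in security constraints that are still commented out."""
    found = set()
    for c in re.findall(r"<!--(.*?)-->", web_xml, re.S):
        if "security-constraint" in c:
            found |= {m.upper() for m in re.findall(r"<http-method>\s*(\w+)\s*</http-method>", c)}
    return found

if __name__ == "__main__":
    print("active:", denied_verbs(SAMPLE), "commented out:", commented_out_verbs(SAMPLE))
```

A constraint with no http-method elements applies to every method under the servlet specification; this check does not report that case.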