Hi,
I've seen the post about disabling TRACE/TRACK methods in Wildfly 10. Unfortunately it doesn't seem to work.
I'm using the standalone-full configuration. I've set the disallowed-methods attribute in the http-listener:
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" disallowed-methods="TRACE TRACK"/>
I set a break point in io.undertow.server.handlers.DisallowedMethodHandler in the handleRequest method.
When I run curl -v -X TRACE http://localhost:8080/ the break point is not reached and I get the following output:
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> TRACE / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.46.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
When I run curl -v -X TRACK http://localhost:8080/ the break point is reached and I get the following output:
Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> TRACK / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.46.0
> Accept: */*
>
< HTTP/1.1 405 Method Not Allowed
< Connection: keep-alive
< Content-Length: 0
< Date: Wed, 08 Jun 2016 20:35:43 GMT
<
* Connection #0 to host localhost left intact
Any help would be really appreciated.
Thanks