2 Replies Latest reply on Jun 9, 2016 4:17 AM by Tomaz Cerar

    Wildfly 10, Disabling TRACE Method

    John DeStefano Apprentice

      Hi,

       

      I've seen the post about disabling TRACE/TRACK methods in Wildfly 10. Unfortunately it doesn't seem to work.

       

      I'm using the standalone-full configuration. I've set the disallowed-methods attribute in the http-listener:

       

      <subsystem xmlns="urn:jboss:domain:undertow:3.0">
                  <buffer-cache name="default"/>
                  <server name="default-server">
                      <http-listener name="default" socket-binding="http" redirect-socket="https" disallowed-methods="TRACE TRACK"/>


      I set a break point in io.undertow.server.handlers.DisallowedMethodHandler in the handleRequest method.


      When I run curl -v -X TRACE http://localhost:8080/ the break point is not reached and I get the following output:


      *   Trying 127.0.0.1...
      * Connected to localhost (127.0.0.1) port 8080 (#0)
      > TRACE / HTTP/1.1
      > Host: localhost:8080
      > User-Agent: curl/7.46.0
      > Accept: */*
      >
      * Empty reply from server
      * Connection #0 to host localhost left intact
      curl: (52) Empty reply from server

       

      When I run curl -v -X TRACK http://localhost:8080/ the break point is reached and I get the following output:

       

      *   Trying 127.0.0.1...
      * Connected to localhost (127.0.0.1) port 8080 (#0)
      > TRACK / HTTP/1.1
      > Host: localhost:8080
      > User-Agent: curl/7.46.0
      > Accept: */*
      >
      < HTTP/1.1 405 Method Not Allowed
      < Connection: keep-alive
      < Content-Length: 0
      < Date: Wed, 08 Jun 2016 20:35:43 GMT
      <
      * Connection #0 to host localhost left intact

       

       

      Any help would be really appreciated.

       

       

      Thanks
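
Added example (not part of the original post): a small Python check that sends each method listed in disallowed-methods and reports which ones are not answered with a 405, which is the discrepancy between TRACE and TRACK described above. The function names and outcome labels are hypothetical; the sample replies are reconstructed from the two curl transcripts in the post.

```python
import socket

# Replies reconstructed from the curl transcripts in the post above.
SAMPLE_REPLIES = {
    "TRACE": b"",  # curl: (52) Empty reply from server
    "TRACK": (b"HTTP/1.1 405 Method Not Allowed\r\nConnection: keep-alive\r\n"
              b"Content-Length: 0\r\nDate: Wed, 08 Jun 2016 20:35:43 GMT\r\n\r\n"),
}

def classify(raw: bytes) -> str:
    """Classify the raw bytes a server returned for one probed method."""
    if not raw:
        return "no-response"  # connection closed without a status line
    parts = raw.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "malformed"
    code = int(parts[1])
    if code == 405:
        return "rejected-405"
    return f"allowed-{code}" if 200 <= code < 300 else f"other-{code}"

def probe(host: str, port: int, method: str, timeout: float = 3.0) -> str:
    """Send '<method> / HTTP/1.1' to host:port and classify the reply."""
    request = (f"{method} / HTTP/1.1\r\nHost: {host}:{port}\r\n"
               "Accept: */*\r\nConnection: close\r\n\r\n").encode("ascii")
    raw = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            while chunk := sock.recv(4096):
                raw += chunk
        except (ConnectionResetError, socket.timeout):
            pass  # keep whatever arrived before the reset or timeout
    return classify(raw)

def unexpected(results: dict) -> list:
    """Methods whose outcome is anything other than a clean 405."""
    return sorted(m for m, outcome in results.items() if outcome != "rejected-405")

if __name__ == "__main__":
    # Offline run over the sample replies; for a live check use
    # {m: probe("localhost", 8080, m) for m in SAMPLE_REPLIES}.
    results = {m: classify(raw) for m, raw in SAMPLE_REPLIES.items()}
    for method, outcome in results.items():
        print(f"{method:6} {outcome}")
    print("not answered with 405:", unexpected(results))
```

Run against the sample replies, it lists TRACE as the method that was not answered with 405, matching the behaviour reported in the post.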