How to explicitly block HTTP method PUT or DELETE from Tomcat used by Catalog?

Document ID: KB000016115
Last Modified Date: 14/02/2018

Catalog runs on a Tomcat server. The HTTP methods PUT, DELETE and OPTIONS on Tomcat are unsafe and need to be blocked to avoid cyber attacks.


How to explicitly block the unsafe HTTP methods PUT, DELETE and OPTIONS from the Tomcat used by Catalog?

Catalog 12.9, 14.1, 17.0
Note: With recent Tomcat versions (for example, Tomcat 6, Tomcat 7), the default configuration should already block the PUT and DELETE methods. To verify whether PUT or DELETE is blocked, see techdoc TEC1916899.
If it is not blocked, do the following to explicitly block the HTTP methods PUT, DELETE and OPTIONS on the Tomcat that Catalog is using:
1) First, make a backup copy of web.xml (it is under the USM_HOME\view\webapps\usm\WEB-INF\ folder on the Catalog server) before you modify it.
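2) Edit web.xml in Notepad++ and add the <security-constraint> block (the lines after <absolute-ordering />) into the following section:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="" xmlns:xsi=""
xsi:schemaLocation="" metadata-complete="true">
<display-name>CA Service View</display-name>
<distributable />
<absolute-ordering />
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restricted methods</web-resource-name>
    <url-pattern>/*</url-pattern> <!-- assumed pattern: the whole application -->
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>OPTIONS</http-method>
  </web-resource-collection>
  <auth-constraint />
</security-constraint>
Then save the file.
3) Recycle the Catalog service to pick up this change.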
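
A static check for the result of the steps above, added here as an example and not part of the original document or the product: it parses a web.xml and lists which of PUT, DELETE and OPTIONS are not denied by a security-constraint with an empty auth-constraint. The sample descriptor, the function names and the `/*` URL pattern are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the product's real web.xml; OPTIONS is left out on purpose.
SAMPLE_WEB_XML = """<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
</web-app>"""

UNSAFE = ("PUT", "DELETE", "OPTIONS")  # the methods this article blocks

def _local(elem):
    """Tag name without its XML namespace, so xmlns on <web-app> does not matter."""
    return elem.tag.rsplit("}", 1)[-1]

def _texts(parent, name):
    """Stripped text of every direct child element called name."""
    return [(e.text or "").strip() for e in parent if _local(e) == name]

def denied_methods(web_xml_text, url_pattern="/*"):
    """HTTP methods that web.xml denies to every caller for url_pattern."""
    denied = set()
    for sc in ET.fromstring(web_xml_text):
        if _local(sc) != "security-constraint":
            continue
        auth = [c for c in sc if _local(c) == "auth-constraint"]
        # Only an auth-constraint with no role-name denies all access.
        if not auth or any(_texts(a, "role-name") for a in auth):
            continue
        for wrc in (c for c in sc if _local(c) == "web-resource-collection"):
            if url_pattern not in _texts(wrc, "url-pattern"):
                continue
            listed = set(_texts(wrc, "http-method"))
            omitted = set(_texts(wrc, "http-method-omission"))
            # No <http-method> means every method except the omitted ones.
            denied |= listed or (set(UNSAFE) - omitted)
    return denied

def missing_blocks(web_xml_text):
    """Unsafe methods that are NOT explicitly denied (empty list = all blocked)."""
    denied = denied_methods(web_xml_text)
    return [m for m in UNSAFE if m not in denied]

if __name__ == "__main__":
    print("not blocked:", missing_blocks(SAMPLE_WEB_XML))
```

This inspects the deployment descriptor only; it does not probe the running server.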

