Specify the settings for limiting the HTTP-enabled methods in the following parameter in the <configuration> tag of the logical J2EE server (j2ee-server) in the Easy Setup definition file.

webserver.connector.inprocess_http.enabled_methods

Specifies the method name of an HTTP-enabled method.

For details on the Easy Setup definition file and the parameters to be specified, see 4.6 Easy Setup definition file in the uCosminexus Application Server Definition Reference Guide.

Hint

If a request containing the OPTIONS method is sent for the static contents, a request excluding the disabled methods for the in-process HTTP server from the enabled methods (GET method, POST method, TRACE method, and OPTIONS method) is returned for the static contents by default. In the case of servlets and JSPs, limiting the HTTP-enabled methods depends on the implementation of the Web application.

The following is the setting example for limiting the HTTP-enabled methods. Note that the following example shows the default settings:

 
...
<param>
 <param-name>webserver.connector.inprocess_http.enabled_methods</param-name>
 <param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value>
</param>
...
 

In this example, access is allowed for the GET method, HEAD method, POST method, PUT method, DELETE method, and OPTIONS method and access is rejected for the TRACE method.