How to check whether HTTP method PUT or DELETE from Tomcat used by catalog is blocked or not ?

book

Article ID: 16008

calendar_today

Updated On:

Products

CA Service Catalog CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Catalog is using Tomcat .  Sometimes you will need to check whether  HTTP Methods PUT or DELETE from tomcat that catalog is using  is actually blocked   so that you can   make sure that they are not exposed for cyber attack 



How to check whether or not the HTTP method PUT or DELETE from Tomcat ( used by catalog )  is blocked  ? 

Environment

catalog 12.9, 14.1 , 17.0

Resolution

The best way to verify  if Tomcat HTTP methods  PUT or DELETE is to use a tool like postman   (  you can download postman app from  get postman app here  

See the screenshots below ,  all you need to do is to simply give catalog url and choose the method  and then click 'send' :

GET method is ‘permitted’

 

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKotAAG" alt="GET.gif" width="880" height="417">

PUT method is ‘forbidden’

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKouAAG" alt="PUT.gif" width="1061" height="494">

 

Note :

By default,  Tomcat's HTTP PUT or DELETE method is blocked already .

 

 

Attachments

1558717466498000016008_sktwi1f5rjvs16ukq.gif get_app
1558717464595000016008_sktwi1f5rjvs16ukp.gif get_app