How to check whether HTTP method PUT or DELETE from Tomcat used by catalog is blocked or not ?

Article Id: 16008
Status: Published
Updated On: 14-02-2018 06:50
Legacy Id: TEC1916899
Products:
CA Service Catalog , CA Service Management - Asset Portfolio Management , CA Service Management - Service Desk Manager
Issue/Introduction:

Catalog is using Tomcat .  Sometimes you will need to check whether  HTTP Methods PUT or DELETE from tomcat that catalog is using  is actually blocked   so that you can   make sure that they are not exposed for cyber attack 



How to check whether or not the HTTP method PUT or DELETE from Tomcat ( used by catalog )  is blocked  ? 

Environment:

catalog 12.9, 14.1 , 17.0

Resolution:

The best way to verify  if Tomcat HTTP methods  PUT or DELETE is to use a tool like postman   (  you can download postman app from  get postman app here  

See the screenshots below ,  all you need to do is to simply give catalog url and choose the method  and then click 'send' :

GET method is ‘permitted’

 

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKotAAG" alt="GET.gif" width="880" height="417">

PUT method is ‘forbidden’

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKouAAG" alt="PUT.gif" width="1061" height="494">

 

Note :

By default,  Tomcat's HTTP PUT or DELETE method is blocked already .

 

 

insert_drive_file 1558717466498000016008_sktwi1f5rjvs16ukq.gif
arrow_downward Download
insert_drive_file 1558717464595000016008_sktwi1f5rjvs16ukp.gif
arrow_downward Download