Service Catalog - Check whether HTTP method PUT or DELETE from Tomcat is blocked or not

book

Article ID: 16008

calendar_today

Updated On:

Products

CA Service Catalog CA Service Management - Service Desk Manager

Issue/Introduction

Service Catalog uses Tomcat and sometimes you will need to check whether  HTTP Methods PUT or DELETE from Tomcat that Catalog is using is actually blocked,  as a way to make sure that they are not exposed for cyber attack 

How to check whether or not the HTTP method PUT or DELETE from Tomcat ( used by Service Catalog ) is blocked ? 

Environment

Catalog 12.9, 14.1 , 17.0

Resolution

The best way to verify  if Tomcat HTTP methods  PUT or DELETE is to use a tool like postman   (  you can download postman app from  get postman app here  

See the screenshots below ,  all you need to do is to simply give catalog url and choose the method  and then click 'send' :

GET method is ‘permitted’

PUT method is ‘forbidden’

Additional Information

By default, Tomcat's HTTP PUT or DELETE method is blocked already.

Attachments

1558717464595000016008_sktwi1f5rjvs16ukp.gif get_app
1558717466498000016008_sktwi1f5rjvs16ukq.gif get_app