Is the HTTP Trace method enabled in the Tomcat server on Enforce?

book

Article ID: 160152

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

You are trying to determine if the HTTP Trace method is enabled by default in the Tomcat server installed on the Enforce server.

Resolution

No. By default HTTP Trace is not defined in the Tomcat configurations which, per Tomcat documentation, means it is disabled.

You can verify if this setting has been manually changed in your install of Enforce by following the steps below:
  1. On the Enforce server, browse to <install root>\Vontu\Protect\tomcat\conf
  2. Open the file 'server.xml'
  3. Locate the '<Connector ...>' tag and look for an 'allowTrace' variable
  4. If there is no 'allowTrace' variable or if it is defined and set to 'false', then HTTP Trace is disabled
  5. If it exists and is set to 'true', the HTTP Trace method is enabled (this is not the default and would indicate it has been manually changed at some point)

Examples:

  • Default 'Connector' tag with HTTP Trace not defined and thus disabled:
    <Connector URIEncoding="UTF-8" acceptCount="100" clientAuth="false" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="conf/.keystore" keystorePass="protect" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="443" scheme="https" secure="true" sslProtocol="TLS" />
  • 'Connector' tag with HTTP Trace explicitly disabled:
    <Connector URIEncoding="UTF-8" acceptCount="100" clientAuth="false" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="conf/.keystore" keystorePass="protect" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="443" scheme="https" secure="true" sslProtocol="TLS" allowTrace="false" />
  • 'Connector' tag with HTTP Trace explicity enabled:
    <Connector URIEncoding="UTF-8" acceptCount="100" clientAuth="false" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="conf/.keystore" keystorePass="protect" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="443" scheme="https" secure="true" sslProtocol="TLS" allowTrace="true" />

WARNING: Modifying the 'server.xml' file in any way will place your install of Enforce in an unsupportable state and could render your server inoperable or unstable.