[Esapi-user] help

Nithya2 B nithya2.b at tcs.com
Thu Aug 16 05:59:08 UTC 2012


Hi,

I'm using ESAPI for some security-related issues in one of my apps.

I just have a query on that.

We wanted to deny all HTTP GET methods and allow only POST methods, except for
Login.jsp.
Please let me know the configuration.

The following configuration is blocking the login screen from appearing, as
it is a GET request.

<url-rules>
  <restrict-extension deny=".jpg" />
  <restrict-method deny="GET" path=".*\/MyApp/.action$" />
  <restrict-method allow="(POST|TRACE)" />

  <enforce-https path="/.*">
    <path-exception>/MyApp/</path-exception>
    <path-exception>/MyApp/Login.jsp</path-exception>
    <path-exception type="regex">/MyApp/images/.*</path-exception>
    <path-exception type="regex">/MyApp/css/.*</path-exception>
    <path-exception type="regex">/MyApp/js/.*</path-exception>
    <path-exception type="regex">/help/.*</path-exception>
  </enforce-https>
</url-rules>

Thanks
Nithya B
Tata Consultancy Services
Mailto: nithya2.b at tcs.com
Website: http://www.tcs.com
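The posted rules reject the login page because the second restrict-method has no path attribute, so it applies to every URL, including the GET that loads Login.jsp. The policy below is an added example, not from the thread or the ESAPI project; it assumes restrict-method's path attribute is a Java regex (the poster's own ".*\/MyApp/.action$" rule already relies on that), that the URI being matched includes the /MyApp context path (consistent with the path-exception entries), and that a request whose path does not match leaves the rule inactive.

```xml
<!-- Added example policy (assumption-based, see lead-in): deny everything but POST
     application-wide, while leaving Login.jsp reachable by GET. -->
<url-rules>
  <restrict-extension deny=".jpg" />

  <!-- Weak version, as posted: no path, so the rule also rejects the GET for Login.jsp.
       TRACE is listed as allowed although the stated requirement is POST only. -->
  <!-- <restrict-method allow="(POST|TRACE)" /> -->

  <!-- Corrected version: the negative lookahead excludes the login page from the
       POST-only restriction, so no other rule ordering assumptions are needed.
       Only POST is allowed; TRACE is dropped because the requirement is POST only. -->
  <restrict-method allow="POST" path="^(?!/MyApp/Login\.jsp$).*$" />

  <!-- Explicitly permit GET (and POST) for the login page itself, scoped to that path. -->
  <restrict-method allow="(GET|POST)" path="^/MyApp/Login\.jsp$" />

  <!-- Unchanged from the original post: HTTPS everywhere except static assets and login. -->
  <enforce-https path="/.*">
    <path-exception>/MyApp/</path-exception>
    <path-exception>/MyApp/Login.jsp</path-exception>
    <path-exception type="regex">/MyApp/images/.*</path-exception>
    <path-exception type="regex">/MyApp/css/.*</path-exception>
    <path-exception type="regex">/MyApp/js/.*</path-exception>
    <path-exception type="regex">/help/.*</path-exception>
  </enforce-https>
</url-rules>
```

Verify the result by requesting Login.jsp with GET (expect 200) and any other page with GET (expect the WAF's block response), and check the WAF log line for which rule fired.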

