Blogging Techstacks

I've just published a new HOWTO article on my companion site for those who want to know (or are being made to learn how to do it by some security guy) how to disable access to methods within Tomcat. In Apache, it's really easy but doing it in Tomcat requires looking through the java servlet specification and learning about security constraints. The HOWTO provides a very high level overview of what a security constraint is and provides a couple of basic examples. Please let me know what you think!

HOWTO: Disable HTTP Methods in Tomcat

Incidentally, this works in JBoss, too, as well as any Java Servlet specification-compliant container

This article serves more as a reminder for me than anything else, since I'm always forgetting the last step.  However, if it serves useful to anyone else out there...great!  

One of the first things I wanted to tackle when we got our spiffy new BigIPs in several years ago was persisting user sessions to tomcat or jboss application servers using iRules.  There are lots of examples of persisting traffic based on JSESSIONID, ASPSESSIONID, etc., but one thing that the budding application traffic manager may not necessarily realize from browsing CodeShare on F5's DevCentral site (login required) is that you don't (always) simply code an irule and attach it to your VIP.  There are a couple steps necessary and this new HOWTO article outlines those steps.

Go to HOWTO: Set Up JSESSIONID-Based Persistence on a BigIP now.

I have just uploaded a new article for those of you looking to disable trace and track on your BigIP-managed VIPs onto my HOWTO mini-site. The article is located here.