Limit http methods

Posted on December 26, 2009, 11:50 pm, by Van Nhu.

I you have an apache server which you only use GET and POST methods I think it is better that you limit the access. Since there are many methods it is more convinient to use the opposite functions, limitExcept. Bellow is an example how it would look like. The limitExcept directive allows only GET and POST. All other request methods will be rejected.

NameVirtualHost xxx.xxx.xxx:80
<VirtualHost xxx.xxx.xxx:80>
        ServerName example.com
 
        DocumentRoot /path/to/doc/root
        <Directory /path/to/doc/root/>
                <LimitExcept POST GET>
                         Require valid-user
                </LimitExcept> 
                Options Indexes MultiViews FollowSymLinks
                Order Allow,Deny
                Allow from all
        </Directory>
...
</VirtualHost>

If you want to deny from the access you can use “Deny from all” instead of “Require valid-user”


Tags: , ,
Posted under: Apache
« Deny requests from specific ips, configured in virtual host
Limit access with firewall ufw »