Apache Allow only GET and POST

Posted Under: Apache, Configuration, Linux, Tutorials, Windows on Sep 30, 2018
Apache Allow only GET and POST
HTTP protocol defines several Methods to access and modify content served on a server. Apache the most commonly use web server to date. It provide 9 HTTP methods. Most of the web applications and website use only 2 or 3 methods i.e. GET,POST and sometimes HEAD method. The rest of the 6 methods namely PUT, OPTIONS, TRACE, PATCH, CONNECT and DELETE are available but not in used. So as a good security practice it is advised to disable access to them. Open Apache httpd.conf file and in it add

# This Will Disable HTTP TRACE Method

TraceEnable Off

# Allow only GET & POST HTTP Method

<Location "/">
   AllowMethods GET POST
Save and restart Apache. Now only 2 request will be available if you add a new method simply append it. In scenarios where httpd.conf is not available, mostly on shared hosting environments, you need to have mod_rewrite enable first and then add these line in .htaccess file.
<IfModule mod_rewrite.c>
	RewriteRule .* - [F,L]
Here you specify methods that you want to block.