The HTTP protocol defines several methods for accessing and modifying content served by a server. Apache is the most commonly used web server to date, and it provides 9 HTTP methods. Most web applications and websites use only 2 or 3 of them: GET, POST and sometimes HEAD. The remaining 6 methods, namely PUT, OPTIONS, TRACE, PATCH, CONNECT and DELETE, are available but not in use, so as a good security practice it is advised to disable access to them. Open Apache's
httpd.conf file and add the following to it:
<Location "/">
AllowMethods GET POST
</Location>
Save the file and restart Apache. Now only 2 request methods will be available; if you need to allow another method, simply append it to the AllowMethods line.
In scenarios where
httpd.conf is not available, mostly on shared hosting environments, you first need to have mod_rewrite enabled and then add these lines to the
.htaccess file:
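<IfModule mod_rewrite.c>
# Rewrite rules are ignored unless the engine is switched on
RewriteEngine On
# Answer 403 Forbidden for any of the listed request methods
RewriteCond %{REQUEST_METHOD} ^(HEAD|PUT|OPTIONS|TRACE|PATCH|CONNECT|DELETE) [NC]
RewriteRule .* - [F,L]
</IfModule>
Here you specify the methods that you want to block.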
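To confirm that either configuration took effect, the following added example (not part of the original article) sends one request per method and lists any method that is not on the allow list yet was not refused. The function names, the set of status codes treated as a refusal, and the local stand-in server used for the demonstration are assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# The nine methods named in the article.
METHODS = ["GET", "POST", "HEAD", "PUT", "OPTIONS",
           "TRACE", "PATCH", "CONNECT", "DELETE"]
# Assumption: 405 (AllowMethods), 403 (RewriteRule [F]) or 501 means "refused".
# Any other status for a non-allowed method is reported for manual review.
REFUSED = {403, 405, 501}

def probe_methods(host, port, path="/", tls=False, timeout=5):
    """Send one request per method; return {method: HTTP status}."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    statuses = {}
    for method in METHODS:
        conn = cls(host, port, timeout=timeout)
        try:
            conn.request(method, path)
            statuses[method] = conn.getresponse().status
        finally:
            conn.close()
    return statuses

def policy_violations(statuses, allowed=("GET", "POST")):
    """Methods not on the allow list that the server did not clearly refuse."""
    return sorted(m for m, s in statuses.items()
                  if m not in allowed and s not in REFUSED)

def start_stand_in(accepted):
    """Constructed local test server (not Apache): 200 for `accepted`, else 405."""
    class Handler(BaseHTTPRequestHandler):
        def _answer(self):
            self.send_response(200 if self.command in accepted else 405)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    for method in METHODS:
        setattr(Handler, "do_" + method, Handler._answer)
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_stand_in({"GET", "POST", "TRACE"})  # TRACE left reachable
    print(policy_violations(probe_methods("127.0.0.1", srv.server_port)))
    srv.shutdown()
```

Point `probe_methods` at your own server after restarting Apache. Apache's mod_allowmethods documentation notes that AllowMethods cannot deny TRACE and refers to the TraceEnable directive instead, so check the TRACE result in particular when using the first configuration.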