<tutorialjinni.com/>

Apache Allow only GET and POST

Posted Under: Apache, Configuration, Linux, Tutorials, Windows on Sep 30, 2018
Apache Allow only GET and POST
HTTP protocol defines several Methods to access and modify content served on a server. Apache the most commonly use web server to date. It provide 9 HTTP methods. Most of the web applications and website use only 2 or 3 methods i.e. GET,POST and sometimes HEAD method. The rest of the 6 methods namely PUT, OPTIONS, TRACE, PATCH, CONNECT and DELETE are available but not in used. So as a good security practice it is advised to disable access to them. Open Apache httpd.conf file and in it add 




# This Will Disable HTTP TRACE Method

TraceEnable Off

# Allow only GET & POST HTTP Method

<Location "/">
   AllowMethods GET POST
</Location>
Save and restart Apache. Now only 2 request will be available if you add a new method simply append it. In scenarios where httpd.conf is not available, mostly on shared hosting environments, you need to have mod_rewrite enable first and then add these line in .htaccess file. 
<IfModule mod_rewrite.c>
	RewriteCond %{REQUEST_METHOD} ^(HEAD|PUT|OPTIONS|TRACE|PATCH|CONNECT|DELETE) [NC]
	RewriteRule .* - [F,L]
</IfModule>
Here you specify methods that you want to block.


imgae