HOWTO: Disable HTTP Methods in Apache

<h3 class="entry-header" style="margin-top: 0px; margin-bottom: 5px; margin-right: 0px; margin-left: 0px; font-size: 22px; font-family: 'Helvetica Neue', Geneva, Arial, Verdana, sans-serif; line-height: 20px; text-align: left;">HOWTO: Disable HTTP Methods in Apache</h3>
<div class="entry-content" style="clear: both; margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; color: #333333; font-family: 'Helvetica Neue', Geneva, Arial, Verdana, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">
<div class="entry-body" style="clear: both;">
<h3 style="margin-top: 10px; margin-bottom: 10px; color: black;">Introduction</h3>

<p style="margin-top: 10px; margin-bottom: 10px;">There are a minimum of four components to a mod_rewrite rule; the directive that loads the module, the directive that turns the rewrite engine on, a rewrite condition, and a rewrite rule.

<pre> LoadModule??rewrite_module??path/to/apache/modules/mod_rewrite.so</pre>
<p style="margin-top: 10px; margin-bottom: 10px;">To enable the rewrite engine, add the following:

<h3 style="margin-top: 10px; margin-bottom: 10px; color: black;">The Disable HTTP Methods Rewrite Rule</h3>
<p style="margin-top: 10px; margin-bottom: 10px;">Since we are looking to disable specific http methods in this HOWTO, our rewrite rule has two components: a condition and the rule to be applied when that condition is met. In this HOWTO, my example rule will disable both HTTP TRACE and HTTP TRACK requests, (even though TRACK isn't supported by Apache) as well as HTTP OPTIONS requests, (even though disabling HTTP OPTIONS isn't necessarily a best practice). Below is the rule:
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]</pre>
<p style="margin-top: 10px; margin-bottom: 10px;">The first line in the rule uses a built in server variable called REQUEST_METHOD. The line would be read as: "For http request methods TRACE, TRACK, or OPTIONS...". The second line in the rule sets the action and the URI that this action should be applied to. The line above would be read as: "forbid access for all URIs". Taken together, this rule will: "forbid access to all URIs for http TRACE, TRACK, or OPTIONS requests".
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值