Apache - Forbidding HTTP Methods
Posted: Fri Feb 05, 2021 2:05 pm
Hey everybody!
At this point you might be thinking that I'm paranoid about web security, but I found out that it's a good practice to block undesired HTTP methods on Apache, in order to avoid some threats and increase the security of your server.
All you gotta do is:
1. Open the httpd.conf file.
2. Load the rewrite module by adding this line:
    LoadModule rewrite_module modules/mod_rewrite.so
3. Turn the RewriteEngine on by adding this line:
    RewriteEngine On
4. Set the conditions and define which methods will be forbidden by adding these lines:
    RewriteCond %{REQUEST_METHOD} ^(PUT|PATCH|DELETE|COPY|HEAD|LINK|UNLINK|PURGE|LOCK|UNLOCK|PROPFIND|VIEW|TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]
*In this case I'm forbidding all these methods (PUT, PATCH, DELETE, COPY, HEAD, LINK, UNLINK, PURGE, LOCK, UNLOCK, PROPFIND, VIEW, TRACE, TRACK, OPTIONS) on Apache; basically only GET and POST are allowed.
Now you can go to Postman (software that allows you to send some HTTP requests and test your applications) and try to send any of these methods; it will return a 403 - Forbidden error.
And that's it!
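An added example, not part of the original post: a small offline audit that evaluates the RewriteCond pattern from step 4 against a list of method names and compares it with an allowlist form of the same rule. The allowlist pattern (`!^(GET|POST)$`), the sample method list and all function names are assumptions made for this example, and Python's `re` stands in for Apache's PCRE matching, which behaves the same for these simple patterns.

```python
import re

# Pattern copied from the RewriteCond in the post: a blocklist, anchored only at the start.
BLOCKLIST = re.compile(
    r"^(PUT|PATCH|DELETE|COPY|HEAD|LINK|UNLINK|PURGE|LOCK|UNLOCK|"
    r"PROPFIND|VIEW|TRACE|TRACK|OPTIONS)"
)

# Assumed alternative (not from the post), equivalent to:
#   RewriteCond %{REQUEST_METHOD} !^(GET|POST)$
#   RewriteRule .* - [F]
ALLOWLIST = re.compile(r"^(GET|POST)$")

# Constructed sample: methods named in the post plus other registered
# HTTP/WebDAV methods that the post's list does not mention.
SAMPLE_METHODS = [
    "GET", "POST", "PUT", "DELETE", "HEAD", "TRACE", "OPTIONS",
    "CONNECT", "MKCOL", "MOVE", "PROPPATCH",
]


def blocklist_forbids(method):
    """True if the post's rule would answer 403 for this method."""
    return BLOCKLIST.search(method) is not None


def allowlist_forbids(method):
    """True if the allowlist rule would answer 403 for this method."""
    return ALLOWLIST.search(method) is None


def audit(methods):
    """Return (method, forbidden_by_blocklist, forbidden_by_allowlist) rows."""
    return [(m, blocklist_forbids(m), allowlist_forbids(m)) for m in methods]


def gaps(methods):
    """Methods other than GET/POST that the blocklist still lets through."""
    return [m for m, blocked, denied in audit(methods) if denied and not blocked]


if __name__ == "__main__":
    for method, blocked, denied in audit(SAMPLE_METHODS):
        print(f"{method:10} blocklist={'403' if blocked else 'pass'} "
              f"allowlist={'403' if denied else 'pass'}")
    print("not covered by the blocklist:", ", ".join(gaps(SAMPLE_METHODS)))
```

Any method reported by `gaps` reaches the request handler under the rule from the post, so after changing the configuration the same list is worth replaying against the server to confirm the 403 responses.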