How To Disable HTTP Methods in Apache

Channel: Linux
Abstract: this article will help you disable the HTTP methods for your Apache webserver.

The HTTP methods are used to perform create, read, update, and delete (or CRUD) operations. The most common methods are POST, GET, PUT, PATCH, and DELETE. It's good practice to disable methods that are unused and insecure, like PUT, PATCH, and DELETE.

This tutorial explains how to disable HTTP methods for an Apache web server.

Disable HTTP Methods in Apache

Create a ".htaccess" file under the document root directory and add the following code. Make sure that the Apache rewrite module and .htaccess are enabled.

RewriteEngine On
# Return 403 Forbidden when the request method matches the list below
RewriteCond %{REQUEST_METHOD} ^(HEAD|PUT|DELETE|PATCH|TRACK|OPTIONS)
RewriteRule .* - [F]

The above configuration will disable HEAD, PUT, DELETE, PATCH, TRACK, and OPTIONS methods.

Next, restart the Apache webserver to apply changes.

sudo systemctl restart apache2

Verify Setup

You can verify the changes using the curl command line utility. Send a request from your system to check whether the server accepts a specific request method. For example, the command below sends an "OPTIONS" request to the server.

curl -i -X OPTIONS https://<your-server>/
HTTP/1.1 403 Forbidden
Date: Thu, 30 Dec 2021 05:50:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 281
Content-Type: text/html; charset=iso-8859-1

<title>403 Forbidden</title>
<p>You don't have permission to access this resource.</p>
<address>Apache Server at Port 443</address>

You will see a forbidden message in the result. This means that the Apache server rejected the OPTIONS request.
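The same check run across every method in the rule, as an added example that is not part of the original article: it confirms each listed method returns 403 and that GET and POST are still served, since a RewriteRule whose condition is missing would reject every request. The function names probe and audit_methods and the ALLOWED list are assumptions, and the URL you pass should be a page on your own server that normally returns 200.

```shell
#!/bin/sh
# Added example. BLOCKED mirrors the RewriteCond list on this page;
# ALLOWED (methods the site must keep serving) is an assumption.
BLOCKED="HEAD PUT DELETE PATCH TRACK OPTIONS"
ALLOWED="GET POST"

# Print the status code the server returns for method $1 on URL $2.
probe() {
  if [ "$1" = "HEAD" ]; then
    # "curl -X HEAD" can hang waiting for a body; --head is the right form.
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' --head "$2"
  else
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' -X "$1" "$2"
  fi
}

# Return 0 only if every blocked method gets 403 and every allowed one does not.
audit_methods() {
  audit_rc=0
  for m in $BLOCKED; do
    code=$(probe "$m" "$1") || code="000"   # 000 = no HTTP response
    if [ "$code" = "403" ]; then
      echo "ok    $m -> $code (rejected)"
    else
      echo "FAIL  $m -> $code (expected 403)"
      audit_rc=1
    fi
  done
  for m in $ALLOWED; do
    code=$(probe "$m" "$1") || code="000"
    if [ "$code" = "403" ] || [ "$code" = "000" ]; then
      echo "FAIL  $m -> $code (should still be served)"
      audit_rc=1
    else
      echo "ok    $m -> $code (served)"
    fi
  done
  return "$audit_rc"
}

# Usage: sh audit_methods.sh <URL of a page on your own server>
if [ "$#" -gt 0 ]; then audit_methods "$1"; fi
```

The script exits non-zero when any line reads FAIL, so it can run as a post-deployment check.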


Hopefully, this article will help you disable the HTTP methods for your Apache webserver.

Ref From: tecadmin