🤩 New Cool Developer Tools for you. Explore →
FREE JavaScript Video Series Start Learning →
FLAT 75% OFF All Interactive courses at flat ₹250 / $3.25 only. HURRRRRY!! Explore now
  Signup/Sign In
Tests
MCQs to test your knowledge.
Forum
Engage with the community.
Compilers
Compilers to execute code in browser.
Index
PUBLISHED ON: MARCH 9, 2023

Restrict HTTP request methods in Apache server?

HTTP methods, sometimes also reffered as HTTP verbs, are the actions that can be performed on a endpoint. Some commonly used HTTP methods include GET, POST, PUT, DELETE, and HEAD. While it is important to allow certain HTTP methods for proper functionality of a website or application, it is also important to restrict certain methods to ensure security and prevent unauthorized actions. In this article, we will discuss how to allow/restrict specific HTTP methods in Apache server.

Configure Apache to allow/restrict certain HTTP methods or verbs

To restrict HTTP methods in Apache servers, we need to modify the apache configuration file for your website or virtual host. In Apache servers, this is typically the .htaccess file located in the (web) root directory of your website. If you do not have this file, you can create it by executing this command:

$ sudo touch /var/www/domain.com/public_html/.htaccess

To restrict HTTP methods in apache, you will need to use the Limit directive. This directive allows you to specify which methods should be allowed and denied. For example, to allow only GET and PUT methods, you would use the following configuration:

<Limit GET PUT>
    Order allow,deny
    Allow from all
</Limit>

To restrict all HTTP methods except for GET and PUT, you would use the following configuration:

<LimitExcept GET PUT>
    Order deny,allow
    Deny from all
</LimitExcept>

It is very important to note that the Limit and LimitExcept directives apply to all resources on the server, not just for a specific file or directory.

Commands:

In addition to modifying the Apache configuration file, you can also use the following Apache commands to restrict HTTP methods:

  • mod_rewrite: This Apache module allows you to rewrite URLs based on certain rules. To restrict HTTP methods using mod_rewrite, you can use the following rule in your server config:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} !^(GET|PUT)$
RewriteRule .* - [F]

This rule will block all requests which is not a GET or PUT method.

  • mod_authz_host: This module allows you to control access to resources based on hostname, IP address, and other factors. To restrict HTTP methods using mod_authz_host, you can use the following configuration:
<Location />
    Order allow,deny
    Allow from all
    <Limit GET PUT>
        Allow from all
    </Limit>
</Location>

This configuration will allow all GET and PUT methods, but block all other HTTP request methods.

Conclusion

In this tutorial, we learnt that restricting HTTP methods is a very important security measure to prevent unauthorized actions on our website or application. By updating the configuration file and using Apache commands, you can easily allow/restrict HTTP request methods in Apache servers. It is really important to carefully consider which verbs to allow and restrict to ensure proper functionality and security of your website or application.

Want to learn coding?
Try our new interactive courses.
View All →
Over 20,000+ students enrolled.
About the author:
sam5epi0l
Pradeep has expertise in Linux, Go, Nginx, Apache, CyberSecurity, AppSec and various other technical areas. He has contributed to numerous publications and websites, providing his readers with insightful and informative content.
Learn to Code
Learn and practice coding side-by-side.
NEW
C language Course
115+ coding exercises
Javascript Course
85+ coding exercises
More →