httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: [users@httpd] Block access to "OPTIONS *"
Date Thu, 11 Feb 2016 23:50:41 GMT
Hello,

On Thu, Feb 11, 2016 at 10:56 PM, Toomas Aas <toomas.aas@reach-u.com> wrote:
>
> Approach 1:
> -------------------------------------
> RewriteCond %{REQUEST_METHOD} OPTIONS
> RewriteRule .* - [R=405,L]
> -------------------------------------

You also need to set:
  RewriteOptions AllowAnyURI
for this to work.

But since this option could open some dangerous doors (see [1]), I
also suggest to use something like:
  RewriteRule ^[^/] - [R=403,L]
just after "Approach 1" above, so to deny any URI not starting with '/'.

Regards,
Yann.

[1] http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriteoptions

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message