Apache HTTP Server, colloquially known as Apache, is one of the most popular and widely used web server software systems in the world. It offers numerous features, including the ability to restrict access to resources based on HTTP methods. This can be particularly important in cases where you want to allow only certain types of HTTP requests, like GET and POST, for reasons related to security or application logic.
In this article, we will discuss how to configure an Apache web server to only allow GET and POST methods. The process involves editing the Apache configuration file, which can be either httpd.conf or apache2.conf, or the .htaccess file located in the directory of the web resources you want to secure.
Note: The instructions provided in this article assume that you already have a working Apache server. If not, you’ll need to install and configure Apache first.
Steps to Limit GET and POST Methods in Apache:
1. Locate the Configuration File
The Apache configuration file’s location depends on the operating system and the method of installation. It’s generally located in /etc/apache2/ for Ubuntu/Debian systems and in /etc/httpd/ for CentOS/RHEL systems. For example:
1 2 | /etc/apache2/apache2.conf # Ubuntu/Debian /etc/httpd/conf/httpd.conf # CentOS/RHEL |
Alternatively, you can use the .htaccess file to control access to specific directories. If it doesn’t exist, you can create one in the directory of the resources you want to secure.
2. Edit the Configuration File
Use a text editor of your choice (e.g., nano, vi, emacs) to open and edit the configuration file.
sudo nano /etc/apache2/apache2.conf# Ubuntu/Debiansudo nano /etc/httpd/conf/httpd.conf# CentOS/RHEL
3. Set the Access Controls
For allowing only GET and POST methods, add the following configuration block to the file. This block may be placed within a tag for directory-specific control or within a tag for location-specific control.
1 2 3 4 5 | <Directory "/var/www/html"> <LimitExcept GET POST> Deny from all </LimitExcept> </Directory> |
In this block, /var/www/html should be replaced with the path to the directory you want to restrict. The <LimitExcept> directive allows the listed methods (GET, POST) and denies all others.
4. Save the Changes and Exit
After adding the necessary configuration, save your changes and exit the text editor. If you’re using nano, you can do this by pressing Ctrl+X, then Y to confirm saving the changes, and finally Enter to confirm the file name to write.
5. Restart Apache
The final step is to restart Apache to apply the changes. Depending on your system, you can use one of the following commands:
sudo systemctl restart apache2# Ubuntu/Debiansudo systemctl restart httpd# CentOS/RHEL
And that’s it! Your Apache server should now only allow HTTP GET and POST requests for the specified directory. Any other HTTP methods, such as PUT, DELETE, OPTIONS, etc., will be denied.
Please note: The methods outlined in this article are for servers with full control and access to configuration files. If you’re on a shared hosting plan, you might not have this level of access. Please consult with your hosting provider or system administrator for help with such configurations.