Facebook Twitter Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    You are at:Home»Web Servers»Apache»How To Disable HTTP Methods in Apache

    How To Disable HTTP Methods in Apache

    By RahulDecember 31, 20212 Mins Read

    The HTTP methods are used to perform create, read, update, and delete (or CRUD) operations. The most common methods are POST, GET, PUT, PATCH, and DELETE. Its good practice to disable methods, which are unused and insecure like PUT, PATCH, and DELETE.

    Advertisement

    This tutorial explains, how to disable HTTP methods for an apache web server.

    Disable HTTP Methods in Apache

    Create a “.htaccess” file under the document root directory and add the following code. Make sure that the Apache rewrite module and .htaccess are enabled.

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(HEAD|PUT|DELETE|PATCH|TRACK|OPTIONS) 
    RewriteRule .* - [F]
    

    The above configuration will disable HEAD, PUT, DELETE, PATCH, TRACK, and OPTIONS methods.

    Next, restart the Apache webserver to apply changes.

    sudo systemctl restart apache2 
    

    Verify Setup

    You can verify changes using the curl command line utility. Let’s send a request from your system to verify that the server accepts specific header requests. For example, the below command will send an “OPTIONS” request to the server.

    curl -i -X OPTIONS https://tecadmin.net 
    
    Output
    HTTP/1.1 403 Forbidden Date: Thu, 30 Dec 2021 05:50:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 281 Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access this resource.</p> <hr> <address>Apache Server at tecadmin.net Port 443</address> </body></html>

    You will see a forbidden message in the result. This means that the Apache server rejected the OPTIONS request.

    Conclusion

    Hopefully, this article will help you disable the HTTP methods for your Apache webserver.

    Apache http
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    How to Install Apache CouchDB on Ubuntu & Debian

    Nginx vs. Apache: Comparing the Two Leading Web Servers

    Nginx vs. Apache: Comparing the Two Leading Web Servers

    How to Set Up Apache, MySQL, and PHP on macOS: A Comprehensive Guide

    View 1 Comment

    1 Comment

    1. Varun on December 31, 2021 5:29 am

      Thanks, this helps me to secure WordPress site from malicious contents.

      Reply

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • Setting and Getting the Default Timezone in Python
    • What is Media Access Control (MAC) Address?
    • What is Cross-Site Scripting (XSS)?
    • What is Content Security Policy (CSP)?
    • A User’s Guide to Understanding Redirection Operators in Bash
    Facebook Twitter Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.