: Security and Apache Methods I occasionally get annoying POST requests but one lately caused a 500 error. Not a biggie really, but it got me thinking. My site does not have but one form. Outside
I occasionally get annoying POST requests but one lately caused a 500 error. Not a biggie really, but it got me thinking.
My site does not have but one form. Outside of this, POST should not exist for any request. I can control this using .htaccess. So I started planning some additional security measures.
GET and HEAD should of course be allowed always.
POST only for the one form.
Other than that, WHAT Apache Methods should be allowed and which should be blocked?
I would imagine blocking PUT, DELETE, and TRACE at the least.
I do not expect an answer on all of the Methods of course. Just based upon your knowledge and experience. If you have a resource to help detail this, that would be great!
Here is a list of all of the METHODS (for reference):
GET / HEAD / PUT / POST / DELETE / CONNECT / OPTIONS / TRACE / PATCH / PROPFIND / PROPPATCH / MKCOL / COPY / MOVE / LOCK / UNLOCK / VERSION_CONTROL / CHECKOUT / UNCHECKOUT / CHECKIN / UPDATE / LABEL / REPORT / MKWORKSPACE / MKACTIVITY / BASELINE_CONTROL / MERGE / INVALID
More posts by @Jamie184
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.