How to block POST requests?

Rt Ibmer rtibmx at yahoo.com
Wed May 14 07:45:17 MSD 2008


Wow Calomel!! What a fantastic resource.  You know, I recall coming across your site several weeks ago when first getting up to speed with nginx and it was interesting yet a bit over my head at the time.  Now it is really invaluable, so thank you so much for putting that together.

I am running on Fedora 8 core and am looking for a good resource that explains how to use iptables to lock down a site to expected usage (rate limits, etc).  I see you have some links on the subject but didn't see anything specific to iptables.  Can you (or anyone else) recommend a good resource for this?

Thanks again!

----- Original Message ----
From: Calomel <nginxlist at calomel.org>
To: nginx at sysoev.ru
Sent: Tuesday, May 13, 2008 9:05:01 PM
Subject: Re: How to block POST requests?

You can also use regular expressions for a bit more flexibility. This
way you can explicitly accept only the request methods you allow and
return the error code of your choosing.

## Only allow GET and HEAD request methods
      if ($request_method !~ ^(GET|HEAD)$ ) {
         return 444;
      }

  Nginx "How to" Fast and Secure webserver
  https://calomel.org/nginx.html

--
  Calomel @ https://calomel.org
  Open Source Research and Reference


On Wed, May 14, 2008 at 12:44:22AM +0200, Rafał Zawadzki wrote:
>Tuesday 13 May 2008 23:26:40 Rt Ibmer wrote:
>> My nginx server should never receive POST requests of any time (only HEAD
>> and GET). How can I set up the configuration so that it will return
>> forbidden (or otherwise just drop the request completely) if someone tries
>> to POST data to my server? I thought I saw this somewhere a while back, but
>> just checked the docs and mailing list archive and can't locate the info.
>> Thanks!
>
>Try:
>
>limit_except  GET HEAD {
>    deny   all;
>}
>
>and give any feedback.
>
>P.S.
>
>http://wiki.codemongers.com/NginxHttpCoreModule#limit_except
>
>Cheers,
>
>-- 
>Rafał Zawadzki [ System Architect ]
>  RHCE Red Hat Certified Engineer
>tel         +48 22 8430101
>mobile           +48 600 883 759
>skype id         blvszcz
>jabber id         bluszcz at gmail.com
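
The two approaches from this thread, placed in a complete configuration for comparison. This is an added example, not part of the original messages; server_name, root and the location paths are placeholder values.

```nginx
# Added example: placeholder names and paths throughout.
events {}

http {
    server {
        listen      80;
        server_name example.test;        # placeholder
        root        /var/www/html;       # placeholder

        # Approach 1: regex test on $request_method.
        # "!~" is a case-sensitive "does not match"; the ^...$ anchors keep
        # method names such as "GETX" from slipping through.
        # 444 is an nginx-specific code: the connection is closed and no
        # response is sent. The request still appears in the access log
        # with status 444, which makes rejected methods easy to count.
        location /static/ {
            if ($request_method !~ ^(GET|HEAD)$ ) {
                return 444;
            }
        }

        # Approach 2: limit_except.
        # Valid only inside a location block. Listing GET also permits HEAD,
        # so "limit_except GET" behaves the same as "limit_except GET HEAD".
        # Every other method (POST, PUT, DELETE, ...) is subject to the
        # access rules inside the block; "deny all" answers with 403.
        location / {
            limit_except GET {
                deny all;
            }
        }
    }
}
```

Check the syntax with "nginx -t" before reloading. With this configuration a POST to /static/ is dropped without a reply, and a POST to any other path receives 403 Forbidden.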


      





