How to block POST requests?

Jay Reitz jreitz at gmail.com
Wed May 14 08:46:08 MSD 2008


FWIW, in my limited testing, the limit_except method was ~15% faster than
this approach.

>j.

On Tue, May 13, 2008 at 6:05 PM, Calomel <nginxlist at calomel.org> wrote:

> You can also use regular expressions for a bit more flexibility. This
> way you can explicitly accept only the request methods you allow and
> return the error code of your choosing.
>
> ## Only allow GET and HEAD request methods
>      if ($request_method !~ ^(GET|HEAD)$ ) {
>         return 444;
>      }
>
>  Nginx "How to" Fast and Secure webserver
>  https://calomel.org/nginx.html
>
> --
>  Calomel @ https://calomel.org
>  Open Source Research and Reference
>
>
> On Wed, May 14, 2008 at 12:44:22AM +0200, Rafa?? Zawadzki wrote:
> >Tuesday 13 May 2008 23:26:40 Rt Ibmer napisa??(a):
> >> My nginx server should never receive POST requests of any time (only
> HEAD
> >> and GET). How can I set up the configuration so that it will return
> >> forbidden (or otherwise just drop the request completely) if someone
> tries
> >> to POST data to my server? I thought I saw this somewhere a while back,
> but
> >> just checked the docs and mailing list archive and can't locate the
> info.
> >> Thanks!
> >
> >Try:
> >
> >limit_except  GET HEAD {
> >    deny   all;
> >}
> >
> >and give any feedback.
> >
> >P.S.
> >
> >http://wiki.codemongers.com/NginxHttpCoreModule#limit_except
> >
> >Cheers,
> >
> >--
> >Rafa?? Zawadzki [ System Architect ]
> >  RHCE Red Hat Certified Engineer
> >tel            +48 22 8430101
> >mobile         +48 600 883 759
> >skype id       blvszcz
> >jabber id      bluszcz at gmail.com
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20080513/2dc9272d/attachment.html>


More information about the nginx mailing list