How to block POST requests?

Igor Sysoev is at rambler-co.ru
Wed May 14 13:53:25 MSD 2008


On Tue, May 13, 2008 at 09:46:08PM -0700, Jay Reitz wrote:

> FWIW, in my limited testing, the limit_except method was ~15% faster than
> this approach.

Yes, limit_except should be faster than "if regex". It was designed
to limit some DAV methods in locations with lots of GETs.
However, it has limited use: inside location only.

> >j.
> 
> On Tue, May 13, 2008 at 6:05 PM, Calomel <nginxlist at calomel.org> wrote:
> 
> > You can also use regular expressions for a bit more flexibility. This
> > way you can explicitly accept only the request methods you allow and
> > return the error code of your choosing.
> >
> > ## Only allow GET and HEAD request methods
> >      if ($request_method !~ ^(GET|HEAD)$ ) {
> >         return 444;
> >      }
> >
> >  Nginx "How to" Fast and Secure webserver
> >  https://calomel.org/nginx.html
> >
> > --
> >  Calomel @ https://calomel.org
> >  Open Source Research and Reference
> >
> >
> > On Wed, May 14, 2008 at 12:44:22AM +0200, Rafa?? Zawadzki wrote:
> > >Tuesday 13 May 2008 23:26:40 Rt Ibmer napisa??(a):
> > >> My nginx server should never receive POST requests of any time (only
> > HEAD
> > >> and GET). How can I set up the configuration so that it will return
> > >> forbidden (or otherwise just drop the request completely) if someone
> > tries
> > >> to POST data to my server? I thought I saw this somewhere a while back,
> > but
> > >> just checked the docs and mailing list archive and can't locate the
> > info.
> > >> Thanks!
> > >
> > >Try:
> > >
> > >limit_except  GET HEAD {
> > >    deny   all;
> > >}
> > >
> > >and give any feedback.
> > >
> > >P.S.
> > >
> > >http://wiki.codemongers.com/NginxHttpCoreModule#limit_except
> > >
> > >Cheers,
> > >
> > >--
> > >Rafa?? Zawadzki [ System Architect ]
> > >  RHCE Red Hat Certified Engineer
> > >tel            +48 22 8430101
> > >mobile         +48 600 883 759
> > >skype id       blvszcz
> > >jabber id      bluszcz at gmail.com
> >
> >
> >
> >

-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list