How to block POST requests?

Calomel nginxlist at calomel.org
Tue May 20 21:02:33 MSD 2008


Rt, 

Do you have other "if" statements that do work?

Did you install from source or package? The regular expressions module
which contains the logic for "if" is called ngx_http_rewrite_module.
If you built from source and possibly left this module out then I could
see an error being reported.

I tested the following "if" statement in the server{...} block. I built
from source (Nginx 0.7.x and 0.6.x) and it worked without issue. No
errors in any of the logs.

## Only allow GET and HEAD request methods. Deny all others.
      if ($request_method !~ ^(GET|HEAD)$ ) {
         return 444;
      }

--
  Calomel @ https://calomel.org
  Open Source Research and Reference


On Mon, May 19, 2008 at 07:50:40PM -0700, Rt Ibmer wrote:
>>You can also use regular expressions for a bit more flexibility. This
>>way you can explicitly accept only the request methods you allow and
>>return the error code of your choosing.
>
>>## Only allow GET and HEAD request methods
>>      if ($request_method !~ ^(GET|HEAD)$ ) {
>>         return 444;
>>      }
>
>Hello - I am using the latest nginx 6.  When I try to do as you say above I am getting the error in the nginx error file: unknown directive "if" in xyz.log
>
>I am using your exact block as above and from your web page, like this:
>
>  if ($request_method !~ ^(GET|HEAD)$ ) {
>         return 444;
>  }
>
>I have tried this within the main server directive as well as from within location directives, but always get this error.  Obviously I am missing something? Thanks.
>
>
>      
>





More information about the nginx mailing list