Question posted in
Some documentation to get you started can be found here.

Prevent POST request – Apache

I have a sever with Linux and Apache latest version. I noticed that if I send a POST with data to any address on the site this is accepted even if there is not a specific PHP script that can handle it. I think it’s normal. But how can I prevent this? I know that some sites (Ebay) complete the post before returning an error (imagine if the post includes a large file, server bandwidth consumption is guaranteed).
How can you prevent a POST from running upstream of a php script or any other script? Do you have to work on the Apache server or in the .htaccess?

Tags:

2

Answers


  1. 0

    I’m not sure but I think your should set your response headers to tell your browser what your end point accepts…

    header('Access-Control-Allow-Methods', 'GET, PUT, DELETE, PATCH, OPTIONS'); // just exclude the POST method

    I’m just spit balling, I had gotten this from the CORS specifications.If it doesn’t work then it’s probably because this header has to be in response to an OPTIONS request instead.

    If this does work, please tell me.

    Login or Signup to reply.
  2. 0

    You would have to block the request before it reaches PHP. I’m not sure about the header() method, but restricting access from .htaccess seems a safer option.

    RewriteCond %{REQUEST_METHOD} POST
RewriteRule .* – [F,L]
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search