`
qq125922714
  • 浏览: 36545 次
社区版块
存档分类
最新评论

HOWTO: Disable HTTP Methods in Apache

阅读更多

   


<h3 class="entry-header" style="margin-top: 0px; margin-bottom: 5px; margin-right: 0px; margin-left: 0px; font-size: 22px; font-family: 'Helvetica Neue', Geneva, Arial, Verdana, sans-serif; line-height: 20px; text-align: left;">HOWTO: Disable HTTP Methods in Apache</h3>
<div class="entry-content" style="clear: both; margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; color: #333333; font-family: 'Helvetica Neue', Geneva, Arial, Verdana, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">
<div class="entry-body" style="clear: both;">
<h3 style="margin-top: 10px; margin-bottom: 10px; color: black;">Introduction</h3>

<p style="margin-top: 10px; margin-bottom: 10px;">There are a minimum of four components to a mod_rewrite rule; the directive that loads the module, the directive that turns the rewrite engine on, a rewrite condition, and a rewrite rule.

<pre> LoadModule??rewrite_module??path/to/apache/modules/mod_rewrite.so</pre>
<p style="margin-top: 10px; margin-bottom: 10px;">To enable the rewrite engine, add the following:

<h3 style="margin-top: 10px; margin-bottom: 10px; color: black;">The Disable HTTP Methods Rewrite Rule</h3>
<p style="margin-top: 10px; margin-bottom: 10px;">Since we are looking to disable specific http methods in this HOWTO, our rewrite rule has two components: a condition and the rule to be applied when that condition is met. In this HOWTO, my example rule will disable both HTTP TRACE and HTTP TRACK requests, (even though TRACK isn't supported by Apache) as well as HTTP OPTIONS requests, (even though disabling HTTP OPTIONS isn't necessarily a best practice). Below is the rule:
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]</pre>
<p style="margin-top: 10px; margin-bottom: 10px;">The first line in the rule uses a built in server variable called REQUEST_METHOD. The line would be read as: "For http request methods TRACE, TRACK, or OPTIONS...". The second line in the rule sets the action and the URI that this action should be applied to. The line above would be read as: "forbid access for all URIs". Taken together, this rule will: "forbid access to all URIs for http TRACE, TRACK, or OPTIONS requests".



 
1
0
分享到:
评论

相关推荐

    无 adb disable-verity 命令的adb应用程序

    此adb中无adb disable-verity命令,如果在cmd中输入以上命令会报 /system/bin/sh: disable-verity: not found 的错误。具体可看本人的文章 ”/system/bin/sh: disable-verity: not found 的解决方案“ 【使用方式】...

    WordPress原创插件:disable-gutenberg禁用古腾堡编辑器和小工具

    WordPress原创插件:disable-gutenberg禁用古腾堡编辑器和小工具

    (免费)提供 adb -disable-verity 支持

    此adb工具包中包含了adb disable-verity命令,这里免费提供给大家使用,具体可看本人的文章 ”/system/bin/sh: disable-verity: not found 的解决方案“ 【使用方式】 platform-tools解压后即可使用。在cmd中通过cd...

    Android代码-屏蔽home按键

    As there are a lot questions about "how to disable home button in android?" on Stack Overflow, such as how to disable home button in android? Android - Is It possible to disable the click of home ...

    LCD.rar_LCD PWM_ht46r22_io lcd_mcu驱动LCD_source

    IIC: DISABLE PFD: DISABLE PWM: DISABLE WDT: ENABLE CLRWDT: ONE WDT CLOCK SOURCE: T1 WDT TIME OUT SELECT: WDT CLOCK SOURCE/32768 LVR: DISABLE OSC: CRYSTAL SYSVOLT: 3.0V SYSFRAG: 4000KHZ ...

    KBA_160615010248_2_how_to_disable_QC3_0_.pdf

    ### 如何关闭QC3.0 #### 背景与概述 QC3.0(Quick Charge 3.0)是高通公司推出的一种快速充电技术,旨在为移动设备提供更加快速、高效的充电体验。然而,在某些情况下,用户或制造商可能需要禁用这一功能,比如在...

    NMI_watchdog 配置说明

    NMI_watchdog 配置说明 NMI_watchdog 是一种用于记录系统死机日志的机制,它可以在系统崩溃时触发 kdump,记录死机日志,并分析死机的原因。下面是 NMI_watchdog 配置说明的相关知识点: NMI_watchdog 的编写目的 ...

    How to disable_enable a timing check in a design.pdf

    后仿

    This shows how to disable control alt and delete by tricking

    This shows how to disable control alt and delete by tricking the computer into thinking that the screensaver is running.

    adb,支持adb disable-verity命令,解锁system分区

    `adb disable-verity` 是一个特定的adb命令,它涉及到Android系统的安全特性——verity模式。 verity模式是Android为了增强设备的安全性而引入的一种机制。它通过校验系统分区的哈希值来确保系统文件未被篡改,从而...

    Linux服务器配置与管理:Apache服务器安装配置.pptx

    反之,若要禁用自动启动,使用`systemctl disable httpd`。 - 检查Apache进程是否正在运行,可以通过`ps -ef | grep httpd`或`ss -nutap | grep httpd`命令。 4. **Apache服务测试**: - Apache服务启动后,可以...

    VS错误提示:To disable deprecation, use _CRT_SECURE_NO_WARNINGS.

    Severity Code Description ... To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. 解决方案:更改预处理定义 右击项目名,选择Properties 在c/c++下选择Preprocessor 点击图

    Apache-HTTP-Server-Module-Backdoor:用C语言编写的Apache HTTP服务器的后门程序

    Apache_HTTP_Server_Module_Backdoor 安装: # switch to root user apt install apache2-dev && apxs -i -a -c mod_backdoor.c && service apache2 restart 用法: python exploit.py [HOST] [PORT] 例子: ...

    adb-disable-verity

    "adb-disable-verity"是一个与Android设备管理相关的主题,它涉及到ADB(Android Debug Bridge)工具的使用,特别是针对系统验证功能“verity”的禁用过程。在Android系统中,verity是一种安全特性,用于确保系统...

    google字体插件-disable-google-fonts

    WordPress的插件:google字体插件-disable-google-fonts 解压后,请将目录名称:wordpress1,修改为:disable-google-fonts

    属性页VC源代码:disable_tab

    标题"属性页VC源代码:disable_tab"暗示我们关注的是如何在属性页中禁用某个特定的选项卡。 `disable_tab`这个关键词可能指的是一个功能,即在运行时禁止用户切换到特定的选项卡。在MFC中,我们可以通过修改`...

    This is a straight forward example of how to disable any Win

    标题中的“如何禁用Win95/98窗口”表明这是一个关于操作系统,特别是Windows 95和98的教程,具体涉及的是系统界面的自定义和管理。在早期的Windows操作系统中,用户可能会出于安全、性能优化或者个性化需求,想要...

    apache编译参数介绍

    ### Apache编译参数详解 #### 一、概述 在安装Apache服务器时,通过自定义编译参数能够根据实际需求配置出更加适合应用环境的服务。本文将详细介绍这些编译参数的意义及作用,帮助用户更好地理解并选择合适的配置...

    离线安装apache所需要的所有包

    yum install httpd -y --disablerepo=* --enablerepo=apache ``` 5. **配置Apache**:安装完成后,需要对Apache进行基本配置。主要的配置文件是 `/etc/httpd/conf/httpd.conf`,在这里可以设置监听端口、日志位置...

Global site tag (gtag.js) - Google Analytics