My nginx server should never receive POST requests of any time (only
HEAD and GET). How can I set up the configuration so that it will return
forbidden (or otherwise just drop the request completely) if someone
tries to POST data to my server? I thought I saw this somewhere a while
back, but just checked the docs and mailing list archive and can’t
locate the info. Thanks!
Tuesday 13 May 2008 23:26:40 Rt Ibmer napisał(a):
My nginx server should never receive POST requests of any time (only HEAD
and GET). How can I set up the configuration so that it will return
forbidden (or otherwise just drop the request completely) if someone tries
to POST data to my server? I thought I saw this somewhere a while back, but
just checked the docs and mailing list archive and can’t locate the info.
Thanks!
Try:
limit_except GET HEAD {
deny all;
}
and give any feedback.
P.S.
http://wiki.codemongers.com/NginxHttpCoreModule#limit_except
Cheers,
You can also use regular expressions for a bit more flexibility. This
way you can explicitly accept only the request methods you allow and
return the error code of your choosing.
Only allow GET and HEAD request methods
if ($request_method !~ ^(GET|HEAD)$ ) {
return 444;
}
Nginx “How to” Fast and Secure webserver
Nginx Secure SSL Web Server @ Calomel.org
–
Calomel @ https://calomel.org
Open Source Research and Reference
On Tue, May 13, 2008 at 09:46:08PM -0700, Jay Reitz wrote:
FWIW, in my limited testing, the limit_except method was ~15% faster than
this approach.
Yes, limit_except should be faster than “if regex”. It was designed
to limit some DAV methods in locations with lots of GETs.
However, it has limited use: inside location only.
FWIW, in my limited testing, the limit_except method was ~15% faster
than
this approach.
j.