How to block POST requests?

My nginx server should never receive POST requests of any time (only
HEAD and GET). How can I set up the configuration so that it will return
forbidden (or otherwise just drop the request completely) if someone
tries to POST data to my server? I thought I saw this somewhere a while
back, but just checked the docs and mailing list archive and can’t
locate the info. Thanks!

Tuesday 13 May 2008 23:26:40 Rt Ibmer napisał(a):

My nginx server should never receive POST requests of any time (only HEAD
and GET). How can I set up the configuration so that it will return
forbidden (or otherwise just drop the request completely) if someone tries
to POST data to my server? I thought I saw this somewhere a while back, but
just checked the docs and mailing list archive and can’t locate the info.
Thanks!

Try:

limit_except GET HEAD {
deny all;
}

and give any feedback.

P.S.

http://wiki.codemongers.com/NginxHttpCoreModule#limit_except

Cheers,

You can also use regular expressions for a bit more flexibility. This
way you can explicitly accept only the request methods you allow and
return the error code of your choosing.

Only allow GET and HEAD request methods

  if ($request_method !~ ^(GET|HEAD)$ ) {
     return 444;
  }

Nginx “How to” Fast and Secure webserver
https://calomel.org/nginx.html


Calomel @ https://calomel.org
Open Source Research and Reference

On Tue, May 13, 2008 at 09:46:08PM -0700, Jay Reitz wrote:

FWIW, in my limited testing, the limit_except method was ~15% faster than
this approach.

Yes, limit_except should be faster than “if regex”. It was designed
to limit some DAV methods in locations with lots of GETs.
However, it has limited use: inside location only.

FWIW, in my limited testing, the limit_except method was ~15% faster
than
this approach.

j.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs