Limit Available Methods

Want to limit OPTIONS and TRACE method from nginx server

Referred following post( section #11)
Disable certain HTTP methods at global level, below article will help
us to restrict at server block level
*

We want to disable at global level because our configuration consist of
so many server blocks

Any help appreciated

Regards
Kamalakar

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,223208,223208#msg-223208

On Thu, Mar 01, 2012 at 05:18:48AM -0500, kamalakarv wrote:

Want to limit OPTIONS and TRACE method from nginx server

Referred following post( section #11)
Disable certain HTTP methods at global level, below article will help
us to restrict at server block level
*
http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html

We want to disable at global level because our configuration consist of
so many server blocks

The ngx_http_dav_module module processes HTTP and WebDAV methods PUT,
DELETE,
MKCOL, COPY, and MOVE, i.e. no OPTIONS and TRACE methods.
You may specify WebDAV methods with dav_methods directive, see
http://nginx.org/en/docs/http/ngx_http_dav_module.html for details.

AFAIK OPTIONS method available with dav_ext third-party module
https://github.com/arut/nginx-dav-ext-module/


Sergey A. Osokin
[email protected]
[email protected]

Hello!

On Thu, Mar 01, 2012 at 05:18:48AM -0500, kamalakarv wrote:

Want to limit OPTIONS and TRACE method from nginx server

Referred following post( section #11)
Disable certain HTTP methods at global level, below article will help
us to restrict at server block level
*
http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html

We want to disable at global level because our configuration consist of
so many server blocks

The TRACE method is always rejected with 405 since nginx 0.5.17.

To disable other methods like OPTIONS (which currently isn’t
handled by nginx, but may be proxy_pass’ed somewhere else) you
have to use either rewrite checks like in the article above or the
“limit_expect” directive (http://nginx.org/r/limit_except). This
isn’t possible at global level, though you may use the “include”
directive (http://nginx.org/r/include) to include common
configuration block into all servers.

Maxim D.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs