Re: How to block POST requests?

Rt_Ibmer · May 20, 2008, 8:32am

You can also use regular expressions for a bit more flexibility. This
way you can explicitly accept only the request methods you allow and
return the error code of your choosing.

Only allow GET and HEAD request methods
 if ($request_method !~ ^(GET|HEAD)$ ) {
    return 444;
 }

Hello - I am using the latest nginx 6. When I try to do as you say
above I am getting the error in the nginx error file: unknown directive
“if” in xyz.log

I am using your exact block as above and from your web page, like this:

if ($request_method !~ ^(GET|HEAD)$ ) {
return 444;
}

I have tried this within the main server directive as well as from
within location directives, but always get this error. Obviously I am
missing something? Thanks.

Rt_Ibmer · May 20, 2008, 7:13pm

Rt,

Do you have other “if” statements that do work?

Did you install from source or package? The regular expressions module
which contains the logic for “if” is called ngx_http_rewrite_module.
If you built from source and possibly left this module out then I could
see an error being reported.

I tested the following “if” statement in the server{…} block. I built
from source (Nginx 0.7.x and 0.6.x) and it worked without issue. No
errors in any of the logs.

Only allow GET and HEAD request methods. Deny all others.

  if ($request_method !~ ^(GET|HEAD)$ ) {
     return 444;
  }

–
Calomel @ https://calomel.org
Open Source Research and Reference