logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Securing HTTP Requests with Mod_Rewrite
Author
Donglecow



Joined: 25 Jan 2017
Posts: 1

PostPosted: Wed 25 Jan '17 13:18    Post subject: Securing HTTP Requests with Mod_Rewrite Reply with quote

Hi everyone,

I have a page*: http://example.com/es/ that I need to expose to the internet for testing. This is an Elasticsearch instance.

I want to restrict some HTTP request methods to help prevent malicious attacks on my Elasticsearch cluster.

I want to:
Disable PUT, DELETE, TRACE requests.
Allow GET requests
Restrict POST requests to http://example.com/es/_search

How would I go about achieving the restriction on the POST requests? My current mod_rewrite config is below.

RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET)\ /.*\ HTTP/1\.1$
RewriteRule .* - [F]

Thanks in advance for any advice.

* - This page is just an example of the URL/URI structure. My app isn't actually hosted at example.com.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Thu 26 Jan '17 13:55    Post subject: Reply with quote

Answered that one in https://www.apachehaus.com/forum/index.php?topic=1448.0
Back to top


Reply to topic   Topic: Securing HTTP Requests with Mod_Rewrite View previous topic :: View next topic
Post new topic   Forum Index -> Apache