Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Securing HTTP Requests with Mod_Rewrite |
|
| Author |
|
Donglecow
Joined: 25 Jan 2017
Posts: 1
|
 Posted: Wed 25 Jan '17 13:18 Post subject: Securing HTTP Requests with Mod_Rewrite |
 |
|
Hi everyone,
I have a page*: http://example.com/es/ that I need to expose to the internet for testing. This is an Elasticsearch instance.
I want to restrict some HTTP request methods to help prevent malicious attacks on my Elasticsearch cluster.
I want to:
Disable PUT, DELETE, TRACE requests.
Allow GET requests
Restrict POST requests to http://example.com/es/_search
How would I go about achieving the restriction on the POST requests? My current mod_rewrite config is below.
RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET)\ /.*\ HTTP/1\.1$
RewriteRule .* - [F]
Thanks in advance for any advice.
* - This page is just an example of the URL/URI structure. My app isn't actually hosted at example.com. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
|
| Back to top |
|
|
|
|
|
|
