How to disable HTTP methods in Apache HTTPD?

  • To disable the HTTP options method on your CentOS or AlmaLinux based Linux server, you should add the following code in the .htaccess file.

RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE|TRACE|OPTIONS|CONNECT)$ [NC]RewriteRule .* - [F]

  • The RewriteCond will check the HTTP method currently used by request, and RewriteRule will intercept that request creating a response with a 403 Forbidden status response code.
  • You can use the curl command to check if a configuration change is effectively disabling the HTTPd methods.

curl -v -X TRACE http://host-name:port/
curl -v -X TRACE http://host-name:port/appContext
curl -v -X DELETE http://host-name:port/
curl -v -X DELETE http://host-name:port/appContext

Leave a Reply

Your email address will not be published. Required fields are marked *