Block POST requests on websites using .htaccess

Block POST requests on websites using .htaccess

That block will only prevent POST requests from hosts other than 127.0.0.1, and you will get a 403 Forbidden response:
RewriteCond %{REQUEST_METHOD} POST

# allow the server to POST to itself
RewriteCond %{REMOTE_ADDR} !127.0.0.1

# allow POST from trusted users
RewriteCond %{REMOTE_ADDR} !123.456.789.123

# send all other post requests to 403 forbidden
RewriteRule ^ / [F]
If you would prefer to send post request to the home page of your site instead replace [F] in the last line with [R,L]
You’d replace the / with where your “home page” is if it isn’t just /.

 


# deny all POST requests
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} POST
RewriteRule .* – [F,L]
</IfModule>

Leave a Reply

Your email address will not be published.

sixteen − nine =

This site uses Akismet to reduce spam. Learn how your comment data is processed.