How to block post method on some url in htaccess

Asked 14/6, 2013 at 17:47 Answered 19/1 at 4:58

Solved apache .htaccess mod-rewrite url-rewriting

Is it possible to block POST method on some url like

www.mydomain.com/dontposthere
www.mydomain.com/something/againdontposthere

in htaccess ?

Americano answered 14/6, 2013 at 17:47 Comment(1)

I don't know if this is what you're looking for, but try: #11584601 – Ideography 14/6, 2013 at 17:54

If you have access to mod_rewrite, you can check the REQUEST_METHOD environment variable and rewrite the url to another page that displays a message saying something like "You are not allowed to post"

Create a page with the message: /var/www/noPost.php

You are not allowed to post to this page

Then use an .htaccess rule like this:

RewriteEngine On

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^/dontposthere [OR]
RewriteCond %{REQUEST_URI} ^/something/againdontposthere
RewriteRule .* /noPost.php [L,QSA]

You can create a list of files/folders as conditions to match or even a regex pattern to match multiple files/folders. You would just need to put [OR] after all but the last.

Hugely answered 14/6, 2013 at 17:56 Comment(0)

Alternative to writing a "noPost" page, simply return a 403 response directly with the F|forbidden flag:

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^/dontposthere
RewriteRule .* - [F,L]

Underpants answered 6/2, 2018 at 7:0 Comment(0)

Allow POST requests only from specific URI's

You can block POST methods from all URIs, except a few specific ones allowed (like contact forms, and login froms), using this .htaccess code:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} !^/admin/
RewriteCond %{REQUEST_URI} !^/contact\.php
RewriteCond %{REQUEST_URI} !^/login\.php
RewriteRule ^ / [F]

Hope it's been useful for you, and saves you a few hours.

Loquitur answered 19/1 at 4:58 Comment(0)

Allow POST requests only from specific URI's

Recommended topics

Hot tags