I want to create a rule that blocks all HTTP requests (GET, POST, PUT, literally all of them) and only allows certain ones that I specify. Specifically, GET, PUT and POST. I am running ModSecurity v3.
If there is a rule that can do something like this, if someone wouldn't mind sharing the syntax, I would greatly appreciate it.
Note: Currently I am getting a 403 (Forbidden) response when I attempt a POST/PUT request. Not sure why this is.
Thanks!
Using ModSecurity, try this rule (last 2 lines are optional):
    SecRule REQUEST_METHOD "!@within GET POST PUT" \
        "id:20,\
        phase:1,\
        deny,\
        msg:'Method is not allowed by policy',\
        logdata:'%{MATCHED_VAR}'"
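An added example, not part of the original answer: `@within` is a substring test (the request method is searched for inside the string "GET POST PUT"), so a value that is only a fragment of that string does not trigger the deny. The variant below matches the whole method name with an anchored regular expression and answers with 405 instead of the default 403; the rule id 21 is an arbitrary constructed value.

```apache
# Stricter variant of the method allow-list rule (added example).
#
# "!@within GET POST PUT" denies only when REQUEST_METHOD is NOT found
# anywhere inside the parameter string, so a partial value such as "ET"
# would still be let through by the rule.
# An anchored @rx accepts exactly the three method names and nothing else.
#
# status:405 makes the block distinguishable from other rules that deny
# with the default 403, which helps when reading the audit log to find
# out which rule rejected a request.
SecRule REQUEST_METHOD "!@rx ^(?:GET|POST|PUT)$" \
    "id:21,\
    phase:1,\
    deny,\
    status:405,\
    log,\
    msg:'Method is not allowed by policy',\
    logdata:'%{MATCHED_VAR}'"
```

Use it in place of the `@within` rule rather than alongside it, and pick an id that does not collide with rules already loaded.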