Re: Block access to "OPTIONS *"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

On Thu, Feb 11, 2016 at 10:56 PM, Toomas Aas <toomas.aas@xxxxxxxxxxx> wrote:
>
> Approach 1:
> -------------------------------------
> RewriteCond %{REQUEST_METHOD} OPTIONS
> RewriteRule .* - [R=405,L]
> -------------------------------------

You also need to set:
  RewriteOptions AllowAnyURI
for this to work.

But since this option could open some dangerous doors (see [1]), I
also suggest to use something like:
  RewriteRule ^[^/] - [R=403,L]
just after "Approach 1" above, so to deny any URI not starting with '/'.

Regards,
Yann.

[1] http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriteoptions

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux