Apache Module mod_allowmethods
Description: | Easily restrict what HTTP methods can be used on the server |
---|---|
Status: | Experimental |
ModuleIdentifier: | allowmethods_module |
SourceFile: | mod_allowmethods.c |
Compatibility: | Available in Apache 2.3 and later |
Summary
This module makes it easy to restrict what HTTP methods can be used on a server. The most common configuration would be:
<Location "/"> AllowMethods GET POST OPTIONS </Location>
AllowMethods Directive
Description: | Restrict access to the listed HTTP methods |
---|---|
Syntax: | AllowMethods reset|HTTP-method [HTTP-method]... |
Default: | AllowMethods reset |
Context: | directory |
Status: | Experimental |
Module: | mod_allowmethods |
The HTTP-methods are case sensitive and are generally, as per RFC, given in upper case. The GET and HEAD methods are treated as equivalent. The reset
keyword can be used to turn off mod_allowmethods
in a deeper nested context:
<Location "/svn"> AllowMethods reset </Location>
Caution
The TRACE method cannot be denied by this module; use TraceEnable
instead.
mod_allowmethods
was written to replace the rather kludgy implementation of Limit
and LimitExcept
.
© 2018 The Apache Software Foundation
Licensed under the Apache License, Version 2.0.
https://httpd.apache.org/docs/2.4/en/mod/mod_allowmethods.html