How do I add a ModSecurity rule to block certain HTTP requests?


I want to create a rule that blocks all HTTP requests (GET, POST, PUT, literally all of them) and only allows certain ones that I specify. Specifically, GET, PUT and POST. I am running ModSecurity v3.

If there is a rule that can do something like this, if someone wouldn't mind sharing the syntax, I would greatly appreciate it.

Note: Currently I am getting a 403 (Forbidden) response when I attempt to make a POST/PUT request. I'm not sure why this is.

Thanks!

azurit On

Using ModSecurity, try this rule (last 2 lines are optional):

SecRule REQUEST_METHOD "!@within GET POST PUT" \
    "id:20,\
    phase:1,\
    deny,\
    msg:'Method is not allowed by policy',\
    logdata:'%{MATCHED_VAR}'"
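
An exact-match variant of the rule above, as an added example that is not part of the original answer. `@within` is a substring test against the string `GET POST PUT`, so a method token such as `PO` or `ET` is not denied by it; an anchored `@rx` pattern only lets the three full method names through. The rule id 21 and the 405 status are choices made for this example.

```apache
# Added example, not from the original answer.
# The rule only blocks when the engine is enabled (SecRuleEngine On);
# with SecRuleEngine DetectionOnly it logs the match but lets the request through.

# Deny any request whose method is not exactly GET, POST or PUT.
# The ^...$ anchors make this an exact comparison, unlike @within,
# which accepts any substring of its parameter.
SecRule REQUEST_METHOD "!@rx ^(?:GET|POST|PUT)$" \
    "id:21,\
    phase:1,\
    deny,\
    status:405,\
    log,\
    msg:'Method is not allowed by policy',\
    logdata:'%{MATCHED_VAR}'"
```

When a request is blocked, the audit log entry carries the id of the rule that matched, which shows whether the denial came from this rule or from another one in the loaded rule set.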