Reputation: 72991
Using RewriteRule in .htaccess for POST request
I am attempting to lock down a page to only accept POST requests. as part of an RESTful API. I have the following, but it doesn't seem to work. Any help would be appreciated.
RewriteCond %{REQUEST_METHOD} POST
RewriteRule ^api/(call1|call2|call3)/?/ http://www.example.com/api/rest_services.php?_call=$1 [L]
Upvotes: 0
Views: 10623
Answers (4)
Reputation: 798686
Use this in conjunction with <Location>:
<Limit GET>
Deny from all
</Limit>
Upvotes: 0
Reputation: 655269
You need to invert the condition to just match requests that are not POST:
RewriteCond %{REQUEST_METHOD} !=POST
RewriteRule ^api/(call1|call2|call3)/?/ - [L,R=405]
And then you should also send the 405 status code to tell the client the reason. But the R=405 flag is only available since Apache 2. For Apache 1 you can send those requests to a PHP script that responds with that status code.
Upvotes: 9
Reputation: 72991
My mistake. Syntax error on the RewriteRule. Should be the following. Note the $ not /
RewriteRule ^api/(call1|call2|call3)/?$ http://www.example.com/api/rest_services.php?_call=$1 [L]
Upvotes: 1
Reputation: 132274
I'm not qualified to answer the question about .htaccess, but this is the way I'd rather do it anyway:
<?php
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
die('some meaningful REST style error here');
}
Upvotes: 2
Related Questions
- .htaccess, preserve post data on url rewrite
- RewriteRule clearing post data
- htaccess -> Rewriting a request
- Mod rewrite issue redirect with post
- Send POST data with RewriteRule
- How to pass post data after url rewrite in .htaccess
- htaccess rewriterule preserve post data
- Htaccess form POST doesn't work?
- Rewrite HTTP GET request to POST in Apache using htaccess
- How do I use POST with htaccess rewriterule?