John
Reputation: 13720
Blocked HTTP Methods are not returning HTTP 405 response
How do I configure (ideally) Apache (or alternatively) PHP to respond specifically with an HTTP 405 when the request method is not GET or POST?
My Apache .htaccess attempt does block requests except it returns the incorrect HTTP 403 response:
<LimitExcept GET POST>
Order Allow,Deny
Deny from all
</LimitExcept>
In PHP I've used the following at the absolute start of where requests are handled and it just gets completely ignored:
if (!in_array($_SERVER['REQUEST_METHOD'],array('GET','POST')))
{
header('Access-Control-Allow-Methods: GET, POST');
header('HTTP/1.1 405');
die();
}
Upvotes: 0
Views: 923
Answers (1)
Pandurang
Reputation: 1741
You can use below redirect rule to disable method and return 405 error code.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} !^(POST|GET)$
RewriteRule .* - [R=405]
Upvotes: 1
Related Questions
- How to block post method on some url in htaccess
- Block HTTP POST request
- Showing 404 even when blocked
- Blocking URL in .htaccess - why not working?
- Custom 405 Error Message via Htaccess Doesn't show When Sending PHP Header
- Blocking all requests through .htaccess
- Requests to .htaccess should return 404 instead of 403
- Force 404 with PHP and .htaccess not working
- 405 - HTTP verb used to access this page is not allowed
- .htaccess 403 Forbidden exclusions