Block GET request to a directory with .htaccess

Question

I want to block all HTTP GET requests to a directory which contain videos and images like upload folder. And if user is coming with HTTP POST than allow user to access. Currently I am using

#Contents of .htaccess

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^PATH.*$ [NC]
RewriteCond %{HTTP_REFERER} !^PATH.*$ [NC]
RewriteRule .(mp4|mp3|avi)$ - [F]

But its blocking all request. I want to access this with HTTP POST request.

Please help me with this.

Answer 1

You could also do something like the following using an Apache 2.4 expression in .htaccess:

<If "%{REQUEST_URI} =~ m#^/upload/#">
    Require method POST
</If>

Any URL-path that starts /upload/ will be blocked, unless it is a POST request.

Answer 2

You can use the following mod-rewrite based solution to block all GET requests for upload folder.

RewriteEngine On

RewriteCond %{THE_REQUEST} GET\s/upload [NC]
RewriteRule ^ - [F,L]

Or

RewriteEngine On

RewriteCond %{REQUEST_METHOD} GET
RewriteRule ^upload - [F,L]

Answer 3

You need to write the htaccess rules that will allow only post request. Follow this following script.

<Directory "/var/www/folder">
    <Files "index.php">
        Require method POST
    </Files>
</Directory>

However, since that's part of the authorization section, you may want to try this instead:

<Directory "/var/www/folder">
    <Files "index.php">
        <LimitExcept POST>
            Order allow,deny
            Deny from all
        </LimitExcept>
    </Files>
</Directory>