How to Disable Unneeded HTTP Request Methods (Apache)

Article sections

The HTTP 1.1 protocol supports several request methods which are rarely used and potentially high risk. For example, methods such as PUT and DELETE are rarely used and should be disabled in keeping with the primary security principal of minimize features and options.

1 – Browse to the Apache configuration directory and open the httpd.conf file.

2 – Search for the Directory Directive for your document root e.g:

< Directory “/usr/local/apache2/htdocs”> < Directory “/var/www”>

3 – Add a directive below within the group of document root directive.
< Directory “/usr/local/apache2/htdocs”>
# Limit HTTP methods
<LimitExcept GET POST OPTIONS>
Require all denied
</ LimitExcept>
</ Directory>

4 – Search for other directives in the Apache configuration files other than the document root directory, and add the same directives to each. e.g <Directory “/usr/local/apache2/cgi-bin”>

Last Updated: 4 years ago in Web Server

How to enforce HttpOnly attribute on cookies (Apache)
How to Disable HTTP TRACE Method (Apache)
How to Remove Apache Version Banner
How to Disable User Directories Modules in Apache HTTP Server
How to enforce HttpOnly attribute on cookies (IIS)
How to Configure IIS for Production Use

Article sections

Related Articles

Recent Posts