Disable OPTIONS HTTP on Apache Server

Question

Request:
OPTIONS / HTTP/1.1
Host: webcat.staci.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Response:
HTTP/1.1 200 OK
Date: Thu, 01 Oct 2015 12:24:59 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Allow: GET,HEAD,POST,OPTIONS,TRACE
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Keep-Alive: timeout=7, max=95
Connection: Keep-Alive
Content-Type: httpd/unix-directory
Set-Cookie: BIGipServerwebcat-ssl=192938503.47873.0000; path=/; httponly; secure

i want to disable HTTP OPTIONS on my Apache Server but i want to keep GET, POST and i want to PING my server.

how could I do that ?

my httpd.conf:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} !^ (GET,POST,HEAD)
RewriteRule .* – [R=405,L]

Answer 1

OPTIONS method cannot be disabled using RewriteCond. You must disabled by using LimitExcept directive.

Below is the snippet could be added on outside of the of the Apache configuration:

<Location />
    <LimitExcept GET POST>
        order deny,allow
        deny from all
    </LimitExcept>
</Location>

Please do not forget to re-start the web server :)