I want to restrict all POST request that comes from other server via .htacces
if they try to post any from other server thing they will get redirected to home page or 404 etc.
I tried this
<Limit POST>
order deny,allow
deny from all
allow from 127.0.0.1
</Limit>
Note:- GET request are allowed from all servers. Only to block POST requests.
The default value of the HTTP and HTTPS connector maximum post size is 2MB. However you can adjust the value as per your requirement. The below command to set the connector to accept maximum 100,000 bytes. If the http request POST size exceeds the 100,000 bytes then connector return HTTP/1.1 400 Bad Request.
When set to null, the maximum request body size is unlimited. This limit has no effect on upgraded connections which are always unlimited. This can be overridden per-request via IHttpMaxRequestBodySizeFeature. Defaults to 30,000,000 bytes, which is approximately 28.6MB.
The POST method itself does not have any limit on the size of data.
That block will only prevent POST requests from hosts other than 127.0.0.1, and you will get a 403 Forbidden response. You could try using mod_rewrite and replace the <LIMIT>
with:
RewriteCond %{REQUEST_METHOD} POST
# allow the server to POST to itself
RewriteCond %{REMOTE_ADDR} !127.0.0.1
# allow POST from trusted users
RewriteCond %{REMOTE_ADDR} !123.456.789.123
# send all other post requests to 403 forbidden
RewriteRule ^ / [F]
If you would prefer to send post request to the home page of your site instead replace [F]
in the last line with [R,L]
You'd replace the /
with where your "home page" is if it isn't just /
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With