Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Restrict POST Request The Server

I want to restrict all POST request that comes from other server via .htacces if they try to post any from other server thing they will get redirected to home page or 404 etc. I tried this

<Limit POST>  
order deny,allow  
deny from all 
allow from 127.0.0.1
</Limit> 

Note:- GET request are allowed from all servers. Only to block POST requests.

like image 571
Basic Bridge Avatar asked Jul 20 '12 17:07

Basic Bridge


People also ask

How much data can be sent in a POST request?

The default value of the HTTP and HTTPS connector maximum post size is 2MB. However you can adjust the value as per your requirement. The below command to set the connector to accept maximum 100,000 bytes. If the http request POST size exceeds the 100,000 bytes then connector return HTTP/1.1 400 Bad Request.

What is Max request body size?

When set to null, the maximum request body size is unlimited. This limit has no effect on upgraded connections which are always unlimited. This can be overridden per-request via IHttpMaxRequestBodySizeFeature. Defaults to 30,000,000 bytes, which is approximately 28.6MB.

How much maximum payload you could do in post method?

The POST method itself does not have any limit on the size of data.


1 Answers

That block will only prevent POST requests from hosts other than 127.0.0.1, and you will get a 403 Forbidden response. You could try using mod_rewrite and replace the <LIMIT> with:

RewriteCond %{REQUEST_METHOD} POST

# allow the server to POST to itself
RewriteCond %{REMOTE_ADDR} !127.0.0.1   

# allow POST from trusted users
RewriteCond %{REMOTE_ADDR} !123.456.789.123   

# send all other post requests to 403 forbidden
RewriteRule ^ / [F]   

If you would prefer to send post request to the home page of your site instead replace [F] in the last line with [R,L]

You'd replace the / with where your "home page" is if it isn't just /.

like image 149
Jon Lin Avatar answered Oct 18 '22 17:10

Jon Lin