
How to turn OFF POST for a virtual web site.


horus

Nov 7, 2009, 6:42:08 PM
"POST /blah.php HTTP/1.1" 200

How do I block the above action on my apache server????

here's my config:

Server version: Apache/2.0.63
Server built: Nov 6 2008 12:26:40
Server's Module Magic Number: 20020903:13
Server loaded: APR 0.9.17, APR-UTIL 0.9.15
Compiled using: APR 0.9.17, APR-UTIL 0.9.15
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/usr/local/apache2"
-D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Loaded Modules:
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
auth_digest_module (shared)
authn_file_module (shared)
authn_alias_module (shared)
authn_anon_module (shared)
authn_dbm_module (shared)
authn_default_module (shared)
authz_host_module (shared)
authz_user_module (shared)
authz_owner_module (shared)
authz_groupfile_module (shared)
authz_dbm_module (shared)
authz_default_module (shared)
ldap_module (shared)
authnz_ldap_module (shared)
include_module (shared)
log_config_module (shared)
logio_module (shared)
env_module (shared)
ext_filter_module (shared)
mime_magic_module (shared)
expires_module (shared)
deflate_module (shared)
headers_module (shared)
usertrack_module (shared)
setenvif_module (shared)
mime_module (shared)
dav_module (shared)
status_module (shared)
autoindex_module (shared)
info_module (shared)
dav_fs_module (shared)
vhost_alias_module (shared)
negotiation_module (shared)
dir_module (shared)
actions_module (shared)
speling_module (shared)
userdir_module (shared)
alias_module (shared)
rewrite_module (shared)
proxy_module (shared)
proxy_balancer_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_connect_module (shared)
cache_module (shared)
suexec_module (shared)
disk_cache_module (shared)
file_cache_module (shared)
mem_cache_module (shared)
cgi_module (shared)
perl_module (shared)
php5_module (shared)
proxy_ajp_module (shared)
python_module (shared)
ssl_module (shared)
Syntax OK

thanks ahead of time!

dmc


HansH

Nov 7, 2009, 7:13:54 PM
"horus" <ho...@sonic.net> wrote in message
news:4af605d0$0$2040$742e...@news.sonic.net...

> "POST /blah.php HTTP/1.1" 200
>
> How do I block the above action on my apache server????
>
At best you can make Apache not serve it
http://httpd.apache.org/docs/2.0/mod/core.html#limit

HansH


horus

Nov 8, 2009, 1:30:01 AM
"HansH" <ha...@invalid.invalid> wrote in message
news:4af60da5$0$83238$e4fe...@news.xs4all.nl...

Hi Hans,

I get the following:

/usr/local/apache2/conf # ../bin/apachectl configtest
Syntax error on line 3990 of /usr/local/apache2/conf/httpd.conf:
Require not allowed here

here's part of the virtual host config:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
TransferLog /var/log/httpd/mmm/active/access_log
ScriptAlias /cgi-bin/ /var/www/html/active/grb/cgi-bin/
<Limit POST PUT DELETE>
Require valid-user
</Limit>

dmc

>
> HansH
>


HansH

Nov 8, 2009, 8:13:52 AM
"horus" <ho...@sonic.net> wrote in message
news:4af66566$0$1972$742e...@news.sonic.net...

>> At best you can make Apache not serve it
>> http://httpd.apache.org/docs/2.0/mod/core.html#limit
>
> I get the following:
>
> /usr/local/apache2/conf # ../bin/apachectl configtest
> Syntax error on line 3990 of /usr/local/apache2/conf/httpd.conf:
> Require not allowed here
>
> here's part of the virtual host config:
>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-agent}i\""
> TransferLog /var/log/httpd/mmm/active/access_log
> ScriptAlias /cgi-bin/ /var/www/html/active/grb/cgi-bin/
> <Limit POST PUT DELETE>
> Require valid-user
> </Limit>
>
Require has a context limitation; wrap the three lines in a <Location
/>..</Location> pair.
http://httpd.apache.org/docs/2.0/mod/core.html#require
http://httpd.apache.org/docs/2.0/mod/directive-dict.html#Context

For the more paranoid just allow only the bare necessities:
<Location />
<LimitExcept GET HEAD>
Require valid-user
</LimitExcept>
</Location>

HansH
--
RTF Manual is not provided, try HTML.
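
An added example (not part of either poster's messages) putting the thread's two configurations side by side: the `<Limit>` block that `configtest` rejected, and a `<Location />` wrapper that passes. The `ServerName` and `DocumentRoot` values are placeholders, and the `Order`/`Deny` lines are an assumption-based variant for Apache 2.0/2.2 that refuses the methods outright instead of asking for a login.

```apache
# Added example, not from the thread. ServerName and DocumentRoot are placeholders.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/html/example

    # BEFORE: rejected by configtest with "Require not allowed here".
    # <Limit> itself may sit directly in a virtual host, but Require is
    # only valid in directory context (<Directory>, <Location>, <Files>,
    # .htaccess), so it must be wrapped in one of those sections.
    #
    # <Limit POST PUT DELETE>
    #     Require valid-user
    # </Limit>

    # AFTER, variant A (added here): refuse every method except GET and
    # HEAD for the whole site. <LimitExcept> also covers methods that a
    # <Limit POST PUT DELETE> list would not name.
    <Location />
        <LimitExcept GET HEAD>
            Order deny,allow
            Deny from all
        </LimitExcept>
    </Location>

    # AFTER, variant B (the form given in the thread): require a login
    # for anything other than GET and HEAD. Require valid-user needs
    # authentication (AuthType, AuthName and a user source) configured
    # for the same scope to be able to succeed.
    #
    # <Location />
    #     <LimitExcept GET HEAD>
    #         Require valid-user
    #     </LimitExcept>
    # </Location>
</VirtualHost>
```

Re-run `apachectl configtest` after the change; with variant A, a POST to the site should then appear in the access log with status 403 instead of 200.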


horus

Nov 8, 2009, 3:53:45 PM

"HansH" <ha...@invalid.invalid> wrote in message
news:4af6c41b$0$83237$e4fe...@news.xs4all.nl...
> </LimitExcept>
> </Location>

Thanks Hans, I've applied the above to the particular virtual web site.

:-)
