Difference between revisions of "Restrict POST request to Website"

From Brian Nelson Ramblings
Jump to: navigation, search
(Created page with "==Restrict POST request to website== Do you need to limit the POST requests to your site? Best way to do that is allow only specific ips to POST to your site. RewriteCond...")
 
(No difference)

Latest revision as of 11:29, 3 June 2016

Restrict POST request to website

Do you need to limit the POST requests to your site? Best way to do that is allow only specific ips to POST to your site. 

RewriteCond %{REQUEST_METHOD} POST
# allow the server to POST to itself
RewriteCond %{REMOTE_ADDR} !127.0.0.1    
# allow POST from trusted users
RewriteCond %{REMOTE_ADDR} !123.456.789.123    
 # send all other post requests to 403 forbidden
RewriteRule ^ / [F]

If you would prefer to send post request to the home page of your site instead replace [F] in the last line with [R,L]

You'd replace the / with where your "home page" is if it isn't just /.

Retrieved from "https://briansnelson.com/index.php?title=Restrict_POST_request_to_Website&oldid=893"