Restrict POST request to Website

From Brian Nelson Ramblings

Revision as of 11:29, 3 June 2016 by Brian (Talk | contribs) (Created page with "==Restrict POST request to website== Do you need to limit the POST requests to your site? Best way to do that is allow only specific ips to POST to your site. RewriteCond...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Restrict POST request to website

Do you need to limit the POST requests to your site? Best way to do that is allow only specific ips to POST to your site.

RewriteCond %{REQUEST_METHOD} POST
# allow the server to POST to itself
RewriteCond %{REMOTE_ADDR} !127.0.0.1    
# allow POST from trusted users
RewriteCond %{REMOTE_ADDR} !123.456.789.123    
 # send all other post requests to 403 forbidden
RewriteRule ^ / [F]

If you would prefer to send post request to the home page of your site instead replace [F] in the last line with [R,L]

You'd replace the / with where your "home page" is if it isn't just /.

Retrieved from "https://briansnelson.com/index.php?title=Restrict_POST_request_to_Website&oldid=893"