Dino Geek, try to help you

How to disable HTTP PUT and DELETE methods?


Disabling HTTP PUT and DELETE methods can enhance the security of a web server by preventing clients from performing actions that could potentially alter the server’s state or data. Below are steps and configurations for popular web servers like Apache, Nginx, and IIS to achieve this. Each example will include references to reliable and recognized sources.

Apache

1. Edit the Configuration File: Modify the Apache configuration file (httpd.conf) or specific virtual host configuration files.

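```apache
# Place inside a <Directory> or <Location> section; <Limit> is not valid at the top level.
<Limit PUT DELETE>
    Require all denied
</Limit>
```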

2. Restart Apache: After making the changes, restart the Apache service:

```sh
# Debian/Ubuntu service name; on RHEL-family systems the service is httpd
sudo systemctl restart apache2
```

Source:
- Apache HTTP Server Documentation: https://httpd.apache.org/docs/2.4/mod/core.html#limit

Nginx

1. Edit the Configuration File: Modify your Nginx site configuration file (usually found in `/etc/nginx/sites-available/your_site`).

```nginx
server {
    listen 80;
    server_name example.com;

    location / {
        # …
        if ($request_method ~* "(PUT|DELETE)") {
            return 405;
        }
    }
}
```

2. Test Configuration: Test the configuration for any syntax errors:

```sh
sudo nginx -t
```

3. Restart Nginx: Restart the Nginx service to apply the changes:

```sh
sudo systemctl restart nginx
```

Source:
- Nginx Official Documentation: https://nginx.org/en/docs/http/ngx_http_core_module.html#if

IIS (Internet Information Services)

1. URL Rewrite Module: If the URL Rewrite module isn’t installed, download and install it from the [Microsoft website](https://www.iis.net/downloads/microsoft/url-rewrite).

2. Modify web.config: Add the following rule to the `web.config` file in your web application’s root directory.

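One URL Rewrite rule that rejects PUT and DELETE with a 405 response, given here as an added example rather than the page's own rule. The rule name and the status text are constructed for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule name is constructed for this example -->
        <rule name="Block PUT and DELETE" stopProcessing="true">
          <!-- Apply to every URL served under this web.config -->
          <match url=".*" />
          <conditions>
            <!-- {REQUEST_METHOD} holds the HTTP verb; the anchors make
                 only an exact PUT or DELETE match -->
            <add input="{REQUEST_METHOD}" pattern="^(PUT|DELETE)$" />
          </conditions>
          <!-- Answer with 405 instead of passing the request on -->
          <action type="CustomResponse" statusCode="405"
                  statusReason="Method Not Allowed"
                  statusDescription="PUT and DELETE are disabled on this site." />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

If the application already has a `web.config`, merge only the `<rule>` element into its existing `<rules>` section.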

3. Restart IIS: Restart the IIS server to apply the changes:

```sh
iisreset
```

Source:
- Microsoft Documentation for URL Rewrite Module: https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/using-url-rewrite-module-20

Examples and Extra Considerations

Example 1: Preventing Data Manipulation

If your web application only serves static content, allowing methods like PUT and DELETE may expose it to risks. For instance, malicious users might try to upload or delete files if these methods are enabled. By blocking these methods, you mitigate the risk of such unauthorized actions.

Example 2: API Endpoints

Where your application includes API endpoints that do not require data modification, disabling the PUT and DELETE methods protects data integrity. If an API only serves GET requests, there’s no reason to enable other HTTP methods, and disabling them minimizes potential attack vectors.

Conclusion

Disabling HTTP PUT and DELETE methods is a straightforward yet effective way to enhance web server security. Through configurations on Apache, Nginx, and IIS, you can ensure these methods are blocked, reducing the risk of unauthorized data manipulation. Always refer to the official documentation corresponding to the web server you are using for the most accurate and up-to-date instructions.

By following these steps, you will leverage best practices in web server configuration, thereby strengthening your application’s security posture.

