• Post category:Development
  • Reading time:1 min(s) read

Websites hosted on Apache and compatible servers (e.g. Litespeed Enterprise) can accept a wide range of request methods. I have created this article to explain how to deny or allow specific types of HTTP requests by editing the .htaccess file at the root of your website.

Blocking Request Methods

Add the following to your .htaccess file in the primary folder:

# Block Requests Methods
RewriteCond %{REQUEST_METHOD} ^(CONNECT|DEBUG|DELETE|MOVE|PUT|TRACE|TRACK) [NC]
RewriteRule .* - [F,L]

Only block what your website doesn’t use; otherwise, something may stop working.

Accept Request Methods

Add the following to your .htaccess in the primary folder:

# Accept Requests Methods
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|OPTIONS|POST|PROPFIND|PUT) [NC]
RewriteRule .* - [F,L]

For security reasons, only allow what your website requires to work properly.