It is important to disable insecure HTTP methods in Apache web server such as OPTIONS, HEAD, PUT, DELETE if your website does not need them as they can lead to security vulnerabilities. In this article, we will look at how to disable HTTP OPTIONS methods in Apache. You can also use these steps to disable HEAD, PUT, DELETE methods.
How To Disable HTTP Options Methods in Apache
Here are the steps to disable HTTP OPTIONS methods in Apache web server. We will need to enable mod_rewrite module in Apache to disable HTTP methods.
1. Open htaccess file
Before proceeding, please enable mod_rewrite (.htaccess) in your Apache web server.
Open .htaccess file, typically located at /var/www/html/.htaccess
$ sudo vi /var/www/html/.htaccess
Also Read : How to Set Default Character Set to UTF8 in Apache
2. Disable HTTP OPTIONS methods
Add the following lines to your .htaccess file to disable OPTIONS, TRACE and TRACK methods.
RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) RewriteRule .* - [F]
In the above code, the first line tells Apache to enable mod_rewrite. The second line matches the request method with OPTIONS, TRACE and TRACK methods. The third line forbids access to all such matching methods.
Also read : How to Change Default Timezone
So, to summarize, Apache forbids access to all requests whose HTTP method is OPTIONS, TRACE or TRACK.
Similarly, you can disable HEAD, PUT, DELETE methods by adding/replacing
TRACE|TRACK|OPTIONS
with other HTTP methods. Here is the configuration to disable HEAD, PUT, DELETE methods.
RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(HEAD|PUT|DELETE) RewriteRule .* - [F]
Also Read : How to Enable mod_rewrite in XAMPP, WAMP
3. Restart Apache Web Server
Restart Apache web server to apply changes.
$ sudo service apache2 restart
Hopefully, this article will help you disable HTTP OPTIONS method for your Apache web server.
Ubiq makes it easy to visualize data in minutes, and monitor in real-time dashboards. Try it Today!