where to add code for disabling OPTIONS method in apacheSetting path for apacheApache 2.4 for Production...

What to do when being responsible for data protection in your lab, yet advice is ignored?

Avoiding morning and evening handshakes

How to add multiple differently colored borders around a node?

Which aircraft had such a luxurious-looking navigator's station?

Quenching swords in dragon blood; why?

A Wacky, Wacky Chessboard (That Makes No Sense)

Where is this triangular-shaped space station from?

Proof by Induction - New to proofs

Word to be used for "standing with your toes pointing out"

Why zero tolerance on nudity in space?

raspberry pi change directory (cd) command not working with USB drive

How do Japanese speakers determine the implied topic when none has been mentioned?

Can chords be played on the flute?

Eww, those bytes are gross

How much time does it take for a broken magnet to recover its poles?

Predict mars robot position

Why is commutativity optional in multiplication for rings?

Wanted: 5.25 floppy to usb adapter

Sometimes a banana is just a banana

If all harmonics are generated by plucking, how does a guitar string produce a pure frequency sound?

Is divide-by-zero a security vulnerability?

What's the rationale behind the objections to these measures against human trafficking?

How to satisfy a player character's curiosity about another player character?

What is the purpose of easy combat scenarios that don't need resource expenditure?



where to add code for disabling OPTIONS method in apache


Setting path for apacheApache 2.4 for Production Environmentadd X-Robots-Tag to apache configI want to enable Apache in serving files from eSATA . ubuntu 14.04. Home serverAm I using correctly Options directive on Apache?I'm getting this “You should replace this file (located at /var/www/html/index.html)” after update to v14.4 ubuntuPHP Code is not running on my Apache serverPHP code not showing on Apache 2.4Disabling LetsEncrypt on ApacheWhere should I put the Apache headers?













0















a web application security assessment recommends me to disable OPTIONS method on the webserver



im running Apache/2.2.22(ubuntu)



The solution i found so far was to add this certain code.



RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET) /.* HTTP/1.1$
RewriteRule .* - [F]


im quite confused where to add this specific code, i have 3 .conf on my /etc/apache2




  • apache2.conf

  • httpd.conf

  • ports.conf


do i just add the snippet anywhere inside the .conf file?





[edit]



after adding the config on my apache2.conf OR httpd.conf im getting this error when i try to restart



Invalid command 'RewriteCond', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.

The Apache error log may have more information.
...fail!




[edit2]



<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://192.168.5.1/web/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at 192.168.5.1 Port 80</address>
</body></html>









share|improve this question
















bumped to the homepage by Community 8 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • Are you using virtual hosts for your sites?

    – Rahil Wazir
    Dec 12 '13 at 6:47













  • no. i just access my website by 'IP/website'

    – user1666411
    Dec 12 '13 at 6:53
















0















a web application security assessment recommends me to disable OPTIONS method on the webserver



im running Apache/2.2.22(ubuntu)



The solution i found so far was to add this certain code.



RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET) /.* HTTP/1.1$
RewriteRule .* - [F]


im quite confused where to add this specific code, i have 3 .conf on my /etc/apache2




  • apache2.conf

  • httpd.conf

  • ports.conf


do i just add the snippet anywhere inside the .conf file?





[edit]



after adding the config on my apache2.conf OR httpd.conf im getting this error when i try to restart



Invalid command 'RewriteCond', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.

The Apache error log may have more information.
...fail!




[edit2]



<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://192.168.5.1/web/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at 192.168.5.1 Port 80</address>
</body></html>









share|improve this question
















bumped to the homepage by Community 8 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • Are you using virtual hosts for your sites?

    – Rahil Wazir
    Dec 12 '13 at 6:47













  • no. i just access my website by 'IP/website'

    – user1666411
    Dec 12 '13 at 6:53














0












0








0








a web application security assessment recommends me to disable OPTIONS method on the webserver



im running Apache/2.2.22(ubuntu)



The solution i found so far was to add this certain code.



RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET) /.* HTTP/1.1$
RewriteRule .* - [F]


im quite confused where to add this specific code, i have 3 .conf on my /etc/apache2




  • apache2.conf

  • httpd.conf

  • ports.conf


do i just add the snippet anywhere inside the .conf file?





[edit]



after adding the config on my apache2.conf OR httpd.conf im getting this error when i try to restart



Invalid command 'RewriteCond', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.

The Apache error log may have more information.
...fail!




[edit2]



<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://192.168.5.1/web/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at 192.168.5.1 Port 80</address>
</body></html>









share|improve this question
















a web application security assessment recommends me to disable OPTIONS method on the webserver



im running Apache/2.2.22(ubuntu)



The solution i found so far was to add this certain code.



RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET) /.* HTTP/1.1$
RewriteRule .* - [F]


im quite confused where to add this specific code, i have 3 .conf on my /etc/apache2




  • apache2.conf

  • httpd.conf

  • ports.conf


do i just add the snippet anywhere inside the .conf file?





[edit]



after adding the config on my apache2.conf OR httpd.conf im getting this error when i try to restart



Invalid command 'RewriteCond', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.

The Apache error log may have more information.
...fail!




[edit2]



<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://192.168.5.1/web/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at 192.168.5.1 Port 80</address>
</body></html>






server apache2






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 12 '13 at 7:18







user1666411

















asked Dec 12 '13 at 6:42









user1666411user1666411

23139




23139





bumped to the homepage by Community 8 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 8 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • Are you using virtual hosts for your sites?

    – Rahil Wazir
    Dec 12 '13 at 6:47













  • no. i just access my website by 'IP/website'

    – user1666411
    Dec 12 '13 at 6:53



















  • Are you using virtual hosts for your sites?

    – Rahil Wazir
    Dec 12 '13 at 6:47













  • no. i just access my website by 'IP/website'

    – user1666411
    Dec 12 '13 at 6:53

















Are you using virtual hosts for your sites?

– Rahil Wazir
Dec 12 '13 at 6:47







Are you using virtual hosts for your sites?

– Rahil Wazir
Dec 12 '13 at 6:47















no. i just access my website by 'IP/website'

– user1666411
Dec 12 '13 at 6:53





no. i just access my website by 'IP/website'

– user1666411
Dec 12 '13 at 6:53










1 Answer
1






active

oldest

votes


















0














If you have configured vhosts for your site you can add inside your required vhosts. If not you can simply add to httpd.conf if not exists add to apache2.conf file.






share|improve this answer


























  • ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?

    – user1666411
    Dec 12 '13 at 6:58











  • You can make request using curl to your website like PUT DELETE they will surely give 403 Forbidden except for POST, GET.

    – Rahil Wazir
    Dec 12 '13 at 7:01













  • hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.

    – user1666411
    Dec 12 '13 at 7:07











  • Try to add in apache2.conf and where you have pasted the code? Please add code to the last line of document. It seems working here.

    – Rahil Wazir
    Dec 12 '13 at 7:10













  • sorry i didn't know that i need to enable rewrite first. it accepts the code. now im getting 301 Moved Permanently

    – user1666411
    Dec 12 '13 at 7:43











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f389611%2fwhere-to-add-code-for-disabling-options-method-in-apache%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














If you have configured vhosts for your site you can add inside your required vhosts. If not you can simply add to httpd.conf if not exists add to apache2.conf file.






share|improve this answer


























  • ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?

    – user1666411
    Dec 12 '13 at 6:58











  • You can make request using curl to your website like PUT DELETE they will surely give 403 Forbidden except for POST, GET.

    – Rahil Wazir
    Dec 12 '13 at 7:01













  • hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.

    – user1666411
    Dec 12 '13 at 7:07











  • Try to add in apache2.conf and where you have pasted the code? Please add code to the last line of document. It seems working here.

    – Rahil Wazir
    Dec 12 '13 at 7:10













  • sorry i didn't know that i need to enable rewrite first. it accepts the code. now im getting 301 Moved Permanently

    – user1666411
    Dec 12 '13 at 7:43
















0














If you have configured vhosts for your site you can add inside your required vhosts. If not you can simply add to httpd.conf if not exists add to apache2.conf file.






share|improve this answer


























  • ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?

    – user1666411
    Dec 12 '13 at 6:58











  • You can make request using curl to your website like PUT DELETE they will surely give 403 Forbidden except for POST, GET.

    – Rahil Wazir
    Dec 12 '13 at 7:01













  • hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.

    – user1666411
    Dec 12 '13 at 7:07











  • Try to add in apache2.conf and where you have pasted the code? Please add code to the last line of document. It seems working here.

    – Rahil Wazir
    Dec 12 '13 at 7:10













  • sorry i didn't know that i need to enable rewrite first. it accepts the code. now im getting 301 Moved Permanently

    – user1666411
    Dec 12 '13 at 7:43














0












0








0







If you have configured vhosts for your site you can add inside your required vhosts. If not you can simply add to httpd.conf if not exists add to apache2.conf file.






share|improve this answer















If you have configured vhosts for your site you can add inside your required vhosts. If not you can simply add to httpd.conf if not exists add to apache2.conf file.







share|improve this answer














share|improve this answer



share|improve this answer








edited Dec 12 '13 at 7:13

























answered Dec 12 '13 at 6:54









Rahil WazirRahil Wazir

16938




16938













  • ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?

    – user1666411
    Dec 12 '13 at 6:58











  • You can make request using curl to your website like PUT DELETE they will surely give 403 Forbidden except for POST, GET.

    – Rahil Wazir
    Dec 12 '13 at 7:01













  • hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.

    – user1666411
    Dec 12 '13 at 7:07











  • Try to add in apache2.conf and where you have pasted the code? Please add code to the last line of document. It seems working here.

    – Rahil Wazir
    Dec 12 '13 at 7:10













  • sorry i didn't know that i need to enable rewrite first. it accepts the code. now im getting 301 Moved Permanently

    – user1666411
    Dec 12 '13 at 7:43



















  • ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?

    – user1666411
    Dec 12 '13 at 6:58











  • You can make request using curl to your website like PUT DELETE they will surely give 403 Forbidden except for POST, GET.

    – Rahil Wazir
    Dec 12 '13 at 7:01













  • hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.

    – user1666411
    Dec 12 '13 at 7:07











  • Try to add in apache2.conf and where you have pasted the code? Please add code to the last line of document. It seems working here.

    – Rahil Wazir
    Dec 12 '13 at 7:10













  • sorry i didn't know that i need to enable rewrite first. it accepts the code. now im getting 301 Moved Permanently

    – user1666411
    Dec 12 '13 at 7:43

















ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?

– user1666411
Dec 12 '13 at 6:58





ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?

– user1666411
Dec 12 '13 at 6:58













You can make request using curl to your website like PUT DELETE they will surely give 403 Forbidden except for POST, GET.

– Rahil Wazir
Dec 12 '13 at 7:01







You can make request using curl to your website like PUT DELETE they will surely give 403 Forbidden except for POST, GET.

– Rahil Wazir
Dec 12 '13 at 7:01















hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.

– user1666411
Dec 12 '13 at 7:07





hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.

– user1666411
Dec 12 '13 at 7:07













Try to add in apache2.conf and where you have pasted the code? Please add code to the last line of document. It seems working here.

– Rahil Wazir
Dec 12 '13 at 7:10







Try to add in apache2.conf and where you have pasted the code? Please add code to the last line of document. It seems working here.

– Rahil Wazir
Dec 12 '13 at 7:10















sorry i didn't know that i need to enable rewrite first. it accepts the code. now im getting 301 Moved Permanently

– user1666411
Dec 12 '13 at 7:43





sorry i didn't know that i need to enable rewrite first. it accepts the code. now im getting 301 Moved Permanently

– user1666411
Dec 12 '13 at 7:43


















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f389611%2fwhere-to-add-code-for-disabling-options-method-in-apache%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Why do type traits not work with types in namespace scope?What are POD types in C++?Why can templates only be...

Will tsunami waves travel forever if there was no land?Why do tsunami waves begin with the water flowing away...

Simple Scan not detecting my scanner (Brother DCP-7055W)Brother MFC-L2700DW printer can print, can't...