where to add code for disabling OPTIONS method in apacheSetting path for apacheApache 2.4 for Production...
What to do when being responsible for data protection in your lab, yet advice is ignored?
Avoiding morning and evening handshakes
How to add multiple differently colored borders around a node?
Which aircraft had such a luxurious-looking navigator's station?
Quenching swords in dragon blood; why?
A Wacky, Wacky Chessboard (That Makes No Sense)
Where is this triangular-shaped space station from?
Proof by Induction - New to proofs
Word to be used for "standing with your toes pointing out"
Why zero tolerance on nudity in space?
raspberry pi change directory (cd) command not working with USB drive
How do Japanese speakers determine the implied topic when none has been mentioned?
Can chords be played on the flute?
Eww, those bytes are gross
How much time does it take for a broken magnet to recover its poles?
Predict mars robot position
Why is commutativity optional in multiplication for rings?
Wanted: 5.25 floppy to usb adapter
Sometimes a banana is just a banana
If all harmonics are generated by plucking, how does a guitar string produce a pure frequency sound?
Is divide-by-zero a security vulnerability?
What's the rationale behind the objections to these measures against human trafficking?
How to satisfy a player character's curiosity about another player character?
What is the purpose of easy combat scenarios that don't need resource expenditure?
where to add code for disabling OPTIONS method in apache
Setting path for apacheApache 2.4 for Production Environmentadd X-Robots-Tag to apache configI want to enable Apache in serving files from eSATA . ubuntu 14.04. Home serverAm I using correctly Options directive on Apache?I'm getting this “You should replace this file (located at /var/www/html/index.html)” after update to v14.4 ubuntuPHP Code is not running on my Apache serverPHP code not showing on Apache 2.4Disabling LetsEncrypt on ApacheWhere should I put the Apache headers?
a web application security assessment recommends me to disable OPTIONS method on the webserver
im running Apache/2.2.22(ubuntu)
The solution i found so far was to add this certain code.
RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET) /.* HTTP/1.1$
RewriteRule .* - [F]
im quite confused where to add this specific code, i have 3 .conf
on my /etc/apache2
- apache2.conf
- httpd.conf
- ports.conf
do i just add the snippet anywhere inside the .conf
file?
[edit]
after adding the config on my apache2.conf
OR httpd.conf
im getting this error when i try to restart
Invalid command 'RewriteCond', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
...fail!
[edit2]
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://192.168.5.1/web/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at 192.168.5.1 Port 80</address>
</body></html>
server apache2
bumped to the homepage by Community♦ 8 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
a web application security assessment recommends me to disable OPTIONS method on the webserver
im running Apache/2.2.22(ubuntu)
The solution i found so far was to add this certain code.
RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET) /.* HTTP/1.1$
RewriteRule .* - [F]
im quite confused where to add this specific code, i have 3 .conf
on my /etc/apache2
- apache2.conf
- httpd.conf
- ports.conf
do i just add the snippet anywhere inside the .conf
file?
[edit]
after adding the config on my apache2.conf
OR httpd.conf
im getting this error when i try to restart
Invalid command 'RewriteCond', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
...fail!
[edit2]
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://192.168.5.1/web/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at 192.168.5.1 Port 80</address>
</body></html>
server apache2
bumped to the homepage by Community♦ 8 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Are you usingvirtual hosts
for your sites?
– Rahil Wazir
Dec 12 '13 at 6:47
no. i just access my website by 'IP/website'
– user1666411
Dec 12 '13 at 6:53
add a comment |
a web application security assessment recommends me to disable OPTIONS method on the webserver
im running Apache/2.2.22(ubuntu)
The solution i found so far was to add this certain code.
RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET) /.* HTTP/1.1$
RewriteRule .* - [F]
im quite confused where to add this specific code, i have 3 .conf
on my /etc/apache2
- apache2.conf
- httpd.conf
- ports.conf
do i just add the snippet anywhere inside the .conf
file?
[edit]
after adding the config on my apache2.conf
OR httpd.conf
im getting this error when i try to restart
Invalid command 'RewriteCond', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
...fail!
[edit2]
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://192.168.5.1/web/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at 192.168.5.1 Port 80</address>
</body></html>
server apache2
a web application security assessment recommends me to disable OPTIONS method on the webserver
im running Apache/2.2.22(ubuntu)
The solution i found so far was to add this certain code.
RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET) /.* HTTP/1.1$
RewriteRule .* - [F]
im quite confused where to add this specific code, i have 3 .conf
on my /etc/apache2
- apache2.conf
- httpd.conf
- ports.conf
do i just add the snippet anywhere inside the .conf
file?
[edit]
after adding the config on my apache2.conf
OR httpd.conf
im getting this error when i try to restart
Invalid command 'RewriteCond', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
...fail!
[edit2]
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://192.168.5.1/web/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at 192.168.5.1 Port 80</address>
</body></html>
server apache2
server apache2
edited Dec 12 '13 at 7:18
user1666411
asked Dec 12 '13 at 6:42
user1666411user1666411
23139
23139
bumped to the homepage by Community♦ 8 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 8 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Are you usingvirtual hosts
for your sites?
– Rahil Wazir
Dec 12 '13 at 6:47
no. i just access my website by 'IP/website'
– user1666411
Dec 12 '13 at 6:53
add a comment |
Are you usingvirtual hosts
for your sites?
– Rahil Wazir
Dec 12 '13 at 6:47
no. i just access my website by 'IP/website'
– user1666411
Dec 12 '13 at 6:53
Are you using
virtual hosts
for your sites?– Rahil Wazir
Dec 12 '13 at 6:47
Are you using
virtual hosts
for your sites?– Rahil Wazir
Dec 12 '13 at 6:47
no. i just access my website by 'IP/website'
– user1666411
Dec 12 '13 at 6:53
no. i just access my website by 'IP/website'
– user1666411
Dec 12 '13 at 6:53
add a comment |
1 Answer
1
active
oldest
votes
If you have configured vhosts
for your site you can add inside your required vhosts
. If not you can simply add to httpd.conf
if not exists add to apache2.conf
file.
ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?
– user1666411
Dec 12 '13 at 6:58
You can make request usingcurl
to your website likePUT
DELETE
they will surely give403 Forbidden
except forPOST
,GET
.
– Rahil Wazir
Dec 12 '13 at 7:01
hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.
– user1666411
Dec 12 '13 at 7:07
Try to add inapache2.conf
and where you have pasted the code? Please add code to the last line of document. It seems working here.
– Rahil Wazir
Dec 12 '13 at 7:10
sorry i didn't know that i need to enablerewrite
first. it accepts the code. now im getting301 Moved Permanently
– user1666411
Dec 12 '13 at 7:43
|
show 2 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f389611%2fwhere-to-add-code-for-disabling-options-method-in-apache%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
If you have configured vhosts
for your site you can add inside your required vhosts
. If not you can simply add to httpd.conf
if not exists add to apache2.conf
file.
ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?
– user1666411
Dec 12 '13 at 6:58
You can make request usingcurl
to your website likePUT
DELETE
they will surely give403 Forbidden
except forPOST
,GET
.
– Rahil Wazir
Dec 12 '13 at 7:01
hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.
– user1666411
Dec 12 '13 at 7:07
Try to add inapache2.conf
and where you have pasted the code? Please add code to the last line of document. It seems working here.
– Rahil Wazir
Dec 12 '13 at 7:10
sorry i didn't know that i need to enablerewrite
first. it accepts the code. now im getting301 Moved Permanently
– user1666411
Dec 12 '13 at 7:43
|
show 2 more comments
If you have configured vhosts
for your site you can add inside your required vhosts
. If not you can simply add to httpd.conf
if not exists add to apache2.conf
file.
ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?
– user1666411
Dec 12 '13 at 6:58
You can make request usingcurl
to your website likePUT
DELETE
they will surely give403 Forbidden
except forPOST
,GET
.
– Rahil Wazir
Dec 12 '13 at 7:01
hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.
– user1666411
Dec 12 '13 at 7:07
Try to add inapache2.conf
and where you have pasted the code? Please add code to the last line of document. It seems working here.
– Rahil Wazir
Dec 12 '13 at 7:10
sorry i didn't know that i need to enablerewrite
first. it accepts the code. now im getting301 Moved Permanently
– user1666411
Dec 12 '13 at 7:43
|
show 2 more comments
If you have configured vhosts
for your site you can add inside your required vhosts
. If not you can simply add to httpd.conf
if not exists add to apache2.conf
file.
If you have configured vhosts
for your site you can add inside your required vhosts
. If not you can simply add to httpd.conf
if not exists add to apache2.conf
file.
edited Dec 12 '13 at 7:13
answered Dec 12 '13 at 6:54
Rahil WazirRahil Wazir
16938
16938
ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?
– user1666411
Dec 12 '13 at 6:58
You can make request usingcurl
to your website likePUT
DELETE
they will surely give403 Forbidden
except forPOST
,GET
.
– Rahil Wazir
Dec 12 '13 at 7:01
hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.
– user1666411
Dec 12 '13 at 7:07
Try to add inapache2.conf
and where you have pasted the code? Please add code to the last line of document. It seems working here.
– Rahil Wazir
Dec 12 '13 at 7:10
sorry i didn't know that i need to enablerewrite
first. it accepts the code. now im getting301 Moved Permanently
– user1666411
Dec 12 '13 at 7:43
|
show 2 more comments
ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?
– user1666411
Dec 12 '13 at 6:58
You can make request usingcurl
to your website likePUT
DELETE
they will surely give403 Forbidden
except forPOST
,GET
.
– Rahil Wazir
Dec 12 '13 at 7:01
hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.
– user1666411
Dec 12 '13 at 7:07
Try to add inapache2.conf
and where you have pasted the code? Please add code to the last line of document. It seems working here.
– Rahil Wazir
Dec 12 '13 at 7:10
sorry i didn't know that i need to enablerewrite
first. it accepts the code. now im getting301 Moved Permanently
– user1666411
Dec 12 '13 at 7:43
ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?
– user1666411
Dec 12 '13 at 6:58
ok, so after i add the code. how do i check if its implemented? or how do i check if the code is working?
– user1666411
Dec 12 '13 at 6:58
You can make request using
curl
to your website like PUT
DELETE
they will surely give 403 Forbidden
except for POST
, GET
.– Rahil Wazir
Dec 12 '13 at 7:01
You can make request using
curl
to your website like PUT
DELETE
they will surely give 403 Forbidden
except for POST
, GET
.– Rahil Wazir
Dec 12 '13 at 7:01
hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.
– user1666411
Dec 12 '13 at 7:07
hi, can you check my edit above? i seem to be getting some kind of error when i try to add the code and restart the server.
– user1666411
Dec 12 '13 at 7:07
Try to add in
apache2.conf
and where you have pasted the code? Please add code to the last line of document. It seems working here.– Rahil Wazir
Dec 12 '13 at 7:10
Try to add in
apache2.conf
and where you have pasted the code? Please add code to the last line of document. It seems working here.– Rahil Wazir
Dec 12 '13 at 7:10
sorry i didn't know that i need to enable
rewrite
first. it accepts the code. now im getting 301 Moved Permanently
– user1666411
Dec 12 '13 at 7:43
sorry i didn't know that i need to enable
rewrite
first. it accepts the code. now im getting 301 Moved Permanently
– user1666411
Dec 12 '13 at 7:43
|
show 2 more comments
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f389611%2fwhere-to-add-code-for-disabling-options-method-in-apache%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Are you using
virtual hosts
for your sites?– Rahil Wazir
Dec 12 '13 at 6:47
no. i just access my website by 'IP/website'
– user1666411
Dec 12 '13 at 6:53