Abort any POST operation in IIS

Question

My site is getting DOS attack with POST VERB, my site is a static site and I am trying to stop any POST action on the home page.

I had the URL Rewrite installed on my server, so I am trying to write rule to abort POST on homepage, but it is not working. Any other ideas to stop the POST on the homepage alone?

Thanks

 <rewrite>
<rules>
    <rule name="Remove Home Page Post">
    <match url="/default.aspx" />
        <conditions>
            <add input="{HTTP_METHOD}" pattern="post" />
        </conditions>
        <action type="AbortRequest" />
    </rule>

</rules>

Change `/default.aspx` to `^default.aspx`. Anyway, you might want to consider using the [request filtering](http://www.iis.net/configreference/system.webserver/security/requestfiltering) feature instead. — cheesemacfly, May 15 '13 at 18:17

score 1 · Answer 1 · answered Jul 01 '13 at 18:44

1

If you have admin access on IIS. Run=>inetmgr

Go to your site. Right click properties. Home Directory Tab. Configuration=>.aspx => Edit Remove POST

Then apply the changes.

answered Jul 01 '13 at 18:44

vikingben

1,632
2
24
37

Abort any POST operation in IIS

1 Answers1