-1

I want to create a rule that blocks all HTTP requests (GET, POST, PUT, literally all of them) and only allows certain ones that I specify. Specifically, GET, PUT and POST. I am running ModSecurity v3.

If there is a rule that can do something like this, if someone wouldn't mind sharing the syntax, I would greatly appreciate it.

Note: Currently I am getting a 403 (Forbidden) response when I attempt a POST/PUT request. Not sure why this is.

Thanks!

LordZeus
  • `limit_except` is the way to block location request by HTTP method in nginx: http://nginx.org/en/docs/http/ngx_http_core_module.html#limit_except –  May 16 '22 at 15:26

1 Answer

2

Using ModSecurity, try this rule (last 2 lines are optional):

```
SecRule REQUEST_METHOD "!@within GET POST PUT" \
    "id:20,\
    phase:1,\
    deny,\
    msg:'Method is not allowed by policy',\
    logdata:'%{MATCHED_VAR}'"
```
azurit
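An added example, not part of the answer above: `@within` is a substring test against its parameter string, so the answer's rule also lets through method strings that are fragments of `GET POST PUT`. The stricter variant below matches whole method tokens only; the rule id 21 and the `status:405` action are choices made for this example.

```apache
# Added example in ModSecurity rule language (SecLang).
# Load ONE of the two rules; the ids are constructed, pick ids free in your setup.

# Variant A: the rule from the answer.
# @within is true when REQUEST_METHOD occurs anywhere inside the string
# "GET POST PUT". A method such as "ET" or "POS" is therefore "within"
# the list and is NOT denied by this rule.
SecRule REQUEST_METHOD "!@within GET POST PUT" \
    "id:20,\
    phase:1,\
    deny,\
    msg:'Method is not allowed by policy',\
    logdata:'%{MATCHED_VAR}'"

# Variant B: anchored regular expression.
# ^ and $ force the whole method to equal one listed token, so only the
# exact strings GET, POST and PUT pass; everything else is denied.
# status:405 (Method Not Allowed) is an assumption of this example; without
# a status action the deny uses the default status, normally 403.
SecRule REQUEST_METHOD "!@rx ^(?:GET|POST|PUT)$" \
    "id:21,\
    phase:1,\
    deny,\
    status:405,\
    msg:'Method is not allowed by policy',\
    logdata:'%{MATCHED_VAR}'"
```

Either variant also denies HEAD and OPTIONS, so health checks that use HEAD and browser CORS preflight requests will be rejected unless those methods are added to the list.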