[UE] How to stop http POST
Added by sksinha_rm about 2 years ago
I want to disable HTTP POST in the lighttpd.conf file. I have tried as below:
$HTTP["request-method"] =~ "^POST$"{
url.access-deny = ("")
}
Tried all combinations of regex (like !~ etc., as below), but no success.
OR
$HTTP["request-method"] =~ "^(POST)$"{
url.access-deny = ("")
}
OR
$HTTP["request-method"] !~ "^(GET|HEAD)$"{
url.access-deny = ("")
}
I can stop GET, but not POST.
Is there any other mechanism to stop only POST (not GET)?
Am I doing anything wrong?
Replies (10)
RE: How to stop http POST - Added by gstrauss about 2 years ago
See How to get support
Did you test your lighttpd config and fix any syntax errors?
server.modules += ("mod_access")
$HTTP["request-method"] == "POST" {
    url.access-deny = ("")
}
RE: How to stop http POST - Added by sksinha_rm about 2 years ago
Yes, no syntax error and did try == also.
RE: How to stop http POST - Added by gstrauss about 2 years ago
> Am I doing anything wrong?
Yes. The syntax I provided works fine. You must be doing something else wrong.
RE: How to stop http POST - Added by sksinha_rm about 2 years ago
I am using lighttpd-1.4.45. Below is complete lighttpd.conf. Can you see any obvious mistake (sorry to bother):
server.document-root = "/www/pages"
#only accept SSL requests
#server.port = 80
server.port = 443
server.username = "lighttpd"
server.groupname = "lighttpd"
server.tag = "lighttpd"
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd.d/ssl/certificate/server.pem"
ssl.disable-client-renegotiation = "enable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "..."
setenv.add-response-header = (
    "Strict-Transport-Security" => "max-age=63072000; includeSubDomains; preload",
    "X-Frame-Options" => "DENY",
    "X-Content-Type-Options" => "nosniff"
)
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
server.errorlog = "/var/tmp/lighttpd_error.log"
accesslog.filename = "/var/tmp/lighttpd_access.log"
server.breakagelog = "/var/tmp/lighttpd_breakage.log"
server.network-backend = "writev"
server.stat-cache-engine = "disable"
server.modules = (
    "mod_access",
    "mod_accesslog",
    "mod_auth",
    "mod_webdav",
    "mod_authn_file",
    "mod_fastcgi",
    "mod_rewrite",
    "mod_cgi",
    "mod_redirect",
    "mod_expire",
    "mod_setenv",
    "mod_alias"
)
$HTTP["url"] =~ "\.nocache\." {
    setenv.add-response-header = ( "Cache-Control" => "public, max-age=0, must-revalidate" )
    expire.url = ( "" => "access plus 0 days" )
}
$HTTP["url"] =~ "\.cache\." {
    expire.url = ( "" => "access plus 1 years" )
}
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd.d/conf.d/lighttpd.user"
$HTTP["url"] =~ ".asp" {
    auth.require = ( "/" => ( "method" => "digest", "realm" => "protected pages", "require" => "user=tester" ) )
    $HTTP["request-method"] == "POST" {
        url.access-deny = ("")
    }
    url.redirect =("^/(.*)" => "cgi-bin/hello.cgi/?$1")
}
cgi.assign = ( ".cgi" => "" )
# mimetype mapping
mimetype.assign = (
    ".pdf" => "application/pdf",
    ".sig" => "application/pgp-signature",
    ".spl" => "application/futuresplash",
    ".class" => "application/octet-stream",
    ".ps" => "application/postscript",
    ".torrent" => "application/x-bittorrent",
    ".dvi" => "application/x-dvi",
    ".gz" => "application/x-gzip",
    ".pac" => "application/x-ns-proxy-autoconfig",
    ".swf" => "application/x-shockwave-flash",
    ".tar.gz" => "application/x-tgz",
    ".tgz" => "application/x-tgz",
    ".tar" => "application/x-tar",
    ".zip" => "application/zip",
    ".mp3" => "audio/mpeg",
    ".m3u" => "audio/x-mpegurl",
    ".wma" => "audio/x-ms-wma",
    ".wax" => "audio/x-ms-wax",
    ".ogg" => "audio/x-wav",
    ".wav" => "audio/x-wav",
    ".gif" => "image/gif",
    ".jpg" => "image/jpeg",
    ".jpeg" => "image/jpeg",
    ".png" => "image/png",
    ".xbm" => "image/x-xbitmap",
    ".xpm" => "image/x-xpixmap",
    ".xwd" => "image/x-xwindowdump",
    ".css" => "text/css",
    ".html" => "text/html",
    ".htm" => "text/html",
    ".asp" => "text/html",
    ".js" => "text/javascript",
    ".asc" => "text/plain",
    ".c" => "text/plain",
    ".conf" => "text/plain",
    ".text" => "text/plain",
    ".txt" => "text/plain",
    ".dtd" => "text/xml",
    ".xml" => "text/xml",
    ".mpeg" => "video/mpeg",
    ".mpg" => "video/mpeg",
    ".mov" => "video/quicktime",
    ".qt" => "video/quicktime",
    ".avi" => "video/x-msvideo",
    ".asf" => "video/x-ms-asf",
    ".asx" => "video/x-ms-asf",
    ".wmv" => "video/x-ms-wmv",
    ".bz2" => "application/x-bzip",
    ".tbz" => "application/x-bzip-compressed-tar",
    ".tar.bz2" => "application/x-bzip-compressed-tar"
)
# Use the "Content-Type" extended attribute to obtain mime type if possible
mimetype.use-xattr = "enable"
index-file.names = ("/cgi-bin/hello.cgi")
RE: How to stop http POST - Added by gstrauss about 2 years ago
> $HTTP["url"] =~ ".asp" {
>     auth.require = ( "/" => ( "method" => "digest", "realm" => "protected pages", "require" => "user=tester" ) )
>     $HTTP["request-method"] == "POST" {
>         url.access-deny = ("")
>     }
>     url.redirect =("^/(.*)" => "cgi-bin/hello.cgi/?$1")
> }
The request must match the $HTTP["url"] =~ ".asp" condition for the POST request to be rejected.
RE: How to stop http POST - Added by sksinha_rm about 2 years ago
Yes, that matches. I am posting via .asp file.
RE: How to stop http POST - Added by sksinha_rm about 2 years ago
Works fine. The issue was that url.redirect redirects the webpage address to cgi-bin/hello.cgi/?*.asp, so the condition for (*.asp) fails, as the redirected URL is cgi-bin/hello.cgi and the querystring is *.asp. Thanks for all the help.
RE: [UE] How to stop http POST - Added by gstrauss about 2 years ago
Configuration: File Syntax
$HTTP["url"]
    match on url path (not including host or query-string)
$HTTP["querystring"]
    match on querystring, e.g. after the ? in this type url: index.php?module=images...
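The failure diagnosed in this thread, shown as an added configuration example that was not posted by either participant: the method check as originally nested, next to two placements that still apply once the page name has moved into the query string. The page name index.asp is a constructed sample, and mod_access is assumed to be loaded as in the posted server.modules list.

```lighttpd
# Added example, not from the thread. Assumes "mod_access" is loaded.

# As posted: the method check is only evaluated when the *path* matches
# ".asp". After the redirect, a form POST goes to
#   /cgi-bin/hello.cgi/?index.asp        (index.asp: constructed sample)
# whose path is /cgi-bin/hello.cgi/ and whose query string is index.asp,
# so this block is never entered and the POST is served.
#$HTTP["url"] =~ ".asp" {
#    $HTTP["request-method"] == "POST" {
#        url.access-deny = ("")
#    }
#}

# Alternative A: put the method check at the top level so it applies to
# every URL, whatever the path or query string.
$HTTP["request-method"] == "POST" {
    url.access-deny = ("")
}

# Alternative B (use instead of A): keep the .asp scope, but test the
# path and the query string separately.
#$HTTP["request-method"] == "POST" {
#    $HTTP["url"] =~ "\.asp$" {
#        url.access-deny = ("")
#    }
#    $HTTP["querystring"] =~ "\.asp" {
#        url.access-deny = ("")
#    }
#}

# Alternative A blocks POST only. The allow-list variant from the first
# post, placed at the top level, rejects every other method as well:
#$HTTP["request-method"] !~ "^(GET|HEAD)$" {
#    url.access-deny = ("")
#}
```

Check the syntax with `lighttpd -t -f lighttpd.conf`, reload, then send a POST with a body to the redirected URL, for example `curl -sk -o /dev/null -w '%{http_code}\n' -d 'x=1' 'https://HOST/cgi-bin/hello.cgi/?index.asp'` (HOST is a placeholder); mod_access answers a denied request with 403.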
RE: [UE] How to stop http POST - Added by sksinha_rm about 2 years ago
Thanks, $HTTP["querystring"] is very useful information.
RE: [UE] How to stop http POST - Added by gstrauss about 2 years ago
> Thanks, $HTTP["querystring"] is very useful information.
Please READ THE DOCUMENTATION before posting.