[UE] How to stop http POST
Added by sksinha_rm about 2 years ago
I want to disable http post in lighttpd.conf file, I have tied as below:
$HTTP["request-method"] =~ "^POST$"{
url.access-deny = ("")
}Tried all combination of regex (like !~ etc as below, but no success).
OR
$HTTP["request-method"] =~ "^(POST)$"{
url.access-deny = ("")
}OR
$HTTP["request-method"] !~ "^(GET|HEAD)$"{
url.access-deny = ("")
}I can stop GET, but not POST.
Is there any other mechanism to stop only POST (not GET) ?
Am I do anything wrong ?
Replies (10)
RE: How to stop http POST - Added by gstrauss about 2 years ago
See How to get support
Did you test your lighttpd config and fix any syntax errors?
server.modules += ("mod_access")
$HTTP["request-method"] == "POST" {
url.access-deny = ("")
}
RE: How to stop http POST - Added by sksinha_rm about 2 years ago
Yes, no syntax error and did try == also.
RE: How to stop http POST - Added by gstrauss about 2 years ago
Am I do anything wrong ?
Yes. The syntax I provided works fine. You must be doing something else wrong.
RE: How to stop http POST - Added by sksinha_rm about 2 years ago
I am using lighttpd-1.4.45. Below is complete lighttpd.conf. Can you see any obvious mistake (sorry to bother):
server.document-root = "/www/pages"
#only accept SSL requests
#server.port = 80
server.port = 443
server.username = "lighttpd"
server.groupname = "lighttpd"
server.tag = "lighttpd"
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd.d/ssl/certificate/server.pem"
ssl.disable-client-renegotiation = "enable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "..."
setenv.add-response-header = (
"Strict-Transport-Security" => "max-age=63072000; includeSubDomains; preload",
"X-Frame-Options" => "DENY",
"X-Content-Type-Options" => "nosniff"
)
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
server.errorlog = "/var/tmp/lighttpd_error.log"
accesslog.filename = "/var/tmp/lighttpd_access.log"
server.breakagelog = "/var/tmp/lighttpd_breakage.log"
server.network-backend = "writev"
server.stat-cache-engine = "disable"
server.modules = (
"mod_access",
"mod_accesslog",
"mod_auth",
"mod_webdav",
"mod_authn_file",
"mod_fastcgi",
"mod_rewrite",
"mod_cgi",
"mod_redirect",
"mod_expire",
"mod_setenv",
"mod_alias"
)
$HTTP["url"] =~ "\.nocache\." {
setenv.add-response-header = ( "Cache-Control" => "public, max-age=0, must-revalidate" )
expire.url = ( "" => "access plus 0 days" )
}
$HTTP["url"] =~ "\.cache\." {
expire.url = ( "" => "access plus 1 years" )
}
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd.d/conf.d/lighttpd.user"
$HTTP["url"] =~ ".asp" {
auth.require = (
"/" => (
"method" => "digest",
"realm" => "protected pages",
"require" => "user=tester"
)
)
$HTTP["request-method"] == "POST" {
url.access-deny = ("")
}
url.redirect =("^/(.*)" => "cgi-bin/hello.cgi/?$1")
}
cgi.assign = (
".cgi" => ""
)
# mimetype mapping
mimetype.assign = (
".pdf" => "application/pdf",
".sig" => "application/pgp-signature",
".spl" => "application/futuresplash",
".class" => "application/octet-stream",
".ps" => "application/postscript",
".torrent" => "application/x-bittorrent",
".dvi" => "application/x-dvi",
".gz" => "application/x-gzip",
".pac" => "application/x-ns-proxy-autoconfig",
".swf" => "application/x-shockwave-flash",
".tar.gz" => "application/x-tgz",
".tgz" => "application/x-tgz",
".tar" => "application/x-tar",
".zip" => "application/zip",
".mp3" => "audio/mpeg",
".m3u" => "audio/x-mpegurl",
".wma" => "audio/x-ms-wma",
".wax" => "audio/x-ms-wax",
".ogg" => "audio/x-wav",
".wav" => "audio/x-wav",
".gif" => "image/gif",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".png" => "image/png",
".xbm" => "image/x-xbitmap",
".xpm" => "image/x-xpixmap",
".xwd" => "image/x-xwindowdump",
".css" => "text/css",
".html" => "text/html",
".htm" => "text/html",
".asp" => "text/html",
".js" => "text/javascript",
".asc" => "text/plain",
".c" => "text/plain",
".conf" => "text/plain",
".text" => "text/plain",
".txt" => "text/plain",
".dtd" => "text/xml",
".xml" => "text/xml",
".mpeg" => "video/mpeg",
".mpg" => "video/mpeg",
".mov" => "video/quicktime",
".qt" => "video/quicktime",
".avi" => "video/x-msvideo",
".asf" => "video/x-ms-asf",
".asx" => "video/x-ms-asf",
".wmv" => "video/x-ms-wmv",
".bz2" => "application/x-bzip",
".tbz" => "application/x-bzip-compressed-tar",
".tar.bz2" => "application/x-bzip-compressed-tar"
)
# Use the "Content-Type" extended attribute to obtain mime type if possible
mimetype.use-xattr = "enable"
index-file.names = ("/cgi-bin/hello.cgi")
RE: How to stop http POST - Added by gstrauss about 2 years ago
$HTTP["url"] =~ ".asp" {
auth.require = (
"/" => (
"method" => "digest",
"realm" => "protected pages",
"require" => "user=tester"
)
)
$HTTP["request-method"] == "POST" {
url.access-deny = ("")
}
url.redirect =("^/(.*)" => "cgi-bin/hello.cgi/?$1")
}
The request must match the $HTTP["url"] =~ ".asp" condition for the POST request to be rejected.
RE: How to stop http POST - Added by sksinha_rm about 2 years ago
Yes, that matches. I am posting via .asp file.
RE: How to stop http POST - Added by sksinha_rm about 2 years ago
Works fine. Issue was url.redirect the webpage address to cgi-bin/hello.cgi/?*.asp, so condition for (*.asp) fails as re-directed url is cgi-bin/hello.cgi and querystring is *.asp. Thanks for all the help.
RE: [UE] How to stop http POST - Added by gstrauss about 2 years ago
Configuration: File Syntax$HTTP["url"] match on url path (not including host or query-string)$HTTP["querystring"] match on querystring, e.g. after the ? in this type url: index.php?module=images...
RE: [UE] How to stop http POST - Added by sksinha_rm about 2 years ago
Thanks, $HTTP["querystring"] is very useful information.
RE: [UE] How to stop http POST - Added by gstrauss about 2 years ago
Thanks, $HTTP["querystring"] is very useful information.
Please READ THE DOCUMENTATION before posting.