How to Block POST requests in NGINX


block post requests nginx

Sometimes, you may need to block POST requests to specific URLs such as /login.php or directories such as /blog/. Let us take a look at how to block POST requests in NGINX.

 

How to Block POST requests in NGINX

Here are the steps to block POST requests in NGINX.

 

1. Open NGINX config file

Open NGINX config file in a text editor. You will typically find it at /etc/nginx/nginx.conf


$ sudo vim /etc/nginx/nginx.conf

 

2. Block POST requests

Depending on your use case, add the following lines to deny POST requests on your website. We will use the limit_except directive to limit the allowed methods. You can use it only in location context.

 

If you want to block POST requests all over your website,


location / {
 limit_except GET {
 deny all;
 }
#rest of your config
}

 

In the above code, we block all requests except GET methods.

 

If you want to block POST requests for all except a few known IPs such as localhost or private IPs


location / {
 limit_except GET {
 deny all;
 allow 127.0.0.1;
 }
#rest of your config
}

 

 

If you want to block POST method in a specific directory, such as /blog/


location ~ ^/blog/ {
 limit_except GET {
 deny all;
}
#rest of your config
}

 

If you want to block POST method in a specific URL,


location ~ ^/admin/login.php {
 limit_except GET {
 deny all;
}
#rest of your config
}

 

3. Reload NGINX web server

Reload NGINX server to apply changes.

$ sudo service nginx reload

 

That’s it! NGINX will block POST methods to your URL or directory.

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!