How to Disable Put and Delete Methods in Apache


disable put and delete methods apache

By default, Apache allows running insecure HTTP methods such as PUT, DELETE, COPY, SEARCH, etc that can make your website vulnerable. Let us look at how to disable PUT and DELETE methods in Apache.

 

How to Disable Put and Delete Methods in Apache

Here are the steps to disable PUT and DELETE methods in Apache.

 

1. Open Apache Config File

Open Apache config file in a text editor. You will find it at one of the following locations, depending on your Linux distribution and type of installation.

  • /etc/apache2/httpd.conf
  • /etc/apache2/apache2.conf
  • /etc/httpd/httpd.conf
  • /etc/httpd/conf/httpd.conf

 


$ sudo vim /etc/apache2/httpd.conf

 

If you have enabled .htaccess (mod_rewrite) for your server, you can open the .htaccess file instead of accessing Apache config file. Here are the steps to do it:

 

Place your .htaccess file in the root document folder of your website (/var/www/html).

 

2. Disable PUT and DELETE methods

Add the following lines of code to disable all insecure HTTP methods


RewriteEngine On
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)
RewriteRule .* - [R=405,L]

The above lines will allow only GET, POST and HEAD methods on your web server. If any other method is requested, the user will get a “405 : Method Not Allowed” response.

 

Alternatively, you can also add the following lines of code to explicitly block the specific methods


RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|PUT|OPTIONS|DELETE|HEAD)
RewriteRule .*$ - [F,L]

In the above code, we are explicitly disabling Trace, Track, Put, Options, Delete and Head methods on our server.

 

3. Restart Apache web server

Restart Apache web server to apply changes


$ sudo /etc/init.d/apache2 start [Debian or Ubuntu]
# sudo apachectl restart [RHEL, CentOS or Fedora]

 

 

 

 

 

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!