To block request methods of HTTP

Requests HTTP can be done of several forms. Perhaps the most known they are the GET and the POST, but the Web servers support a longer list of options.

  • CONNECT: Method CONNECT establishes a tunnel towards the servant identified by the resource.
  • DELETE: Method DELETE flock a resource in specific.
  • GET: Method GET asks for a representation of a specific resource. The requests that only use method GET must recover data.
  • HEAD: Method HEAD requests an identical answer to the one of a request GET, but without the body of the answer.
  • OPTIONS: Method OPTIONS is used to describe the options of communication for the destiny resource.
  • PATCH: Method PATCH is used to apply partial modifications to a resource.
  • POST: The method POST is used to send an organization to a resource in specific, causing often to a change in the state or side effects in the servant.
  • PUTT: The way PUTT replaces all the present representations of the resource of destiny with the payload of the request.
  • IT DRAWS UP: The method DRAWS UP realises a test of curl of return of message throughout the route to the destiny resource.

In the generally most habitual case of WordPress it is than the methods of request GET and POST are only used, being able to extend to HEAD and OPTIONS. The rest of methods generally is not used and they would be possible to be blocked.

This means that in the file .hatccess (or any configuration of Web server) the methods with a pair of lines could be blocked such what these:

# Bloquear request method RewriteCond % \ {REQUEST_METHOD} ^ (connect|delete|head|options|patch|putt|it draws up) [NC] RewriteRule. * - [F]

Obvious, if you have some system of API that it requires of the methods corresponding are possible to be added or to be eliminated the taste and the needs.

It lets a commentary