Blocking HEAD, DELETE, etc. with lighttpd

httphttp-headerslighttpd

So I have lighttpd installed and the site it runs only needs to respond to GET requests.

I was wondering how I can return 405 responses with Allow: GET headers to anything but GET requests using lighttpd?

I've had a quick google but even the lighttpd doesn't turn up anything solid.

Update

Limiting by $HTTP["request-method"] works a treat.

Unfortunately when you use url.access-deny lighttpd sets the status code and headers as a fixed thing (403 status), regardless of if you try to add header before or after.

End result:

$HTTP["request-method"] =~ "^(PUT|HEAD|PATCH|DELETE)$" {
    url.access-deny = ( "" )
}

Best Answer

Since version 1.4.19, you can filter on request-method:

$HTTP["request-method"] =~ "^(PUT|POST|HEAD|PATCH|DELETE)$" {
  url.access-deny = ("")
}

Related Solutions

Nginx + Passenger running a RoR app is returning 401 when 302 is expected

Take a look at the following source code in devise which has to do with navigational_formats.

I had the same problem as you describe and setting

config.navigational_formats = [:"*/*", :html]

in the devise initializer fixed it for me. I have no ideas yet why IE requests coming from Outlook are passed on as /.

How to prevent lighttpd from caching static files, even when modified on disk

I've finally found the issue. And it comes from VirtualBox.

When editing a file in the Host (Win), lighttpd in the guest (Linux) does not correctly update the file content (but does correctly update file size), thus returning cropped or garbled content.

Unmounting my shared drives and re-mounting them, or editing files directly in the guest, fixed the issue.

It took me 6 months to finally figure that out.

Best Answer

Related Solutions

Nginx + Passenger running a RoR app is returning 401 when 302 is expected

How to prevent lighttpd from caching static files, even when modified on disk

Related Topic