Allow Only POST Method for Specific File in Apache

apache-2.2http-headershttpd.conf

I have one file that should only be accessible via the POST method.

/var/www/folder/index.php

The document root is /var/www/ and index.php is nested inside a folder.

Version of Apache is: 2.4.4.
My configurations are as follows:

<Directory "/var/www/folder">
    <Files "index.php">
        order deny,allow
        Allow from all
        <LimitExcept POST>
            Deny from all
        </LimitExcept>
    </Files>
</Directory>

I visit my server at 127.0.0.1/folder but I can GET and POST the file just like normal.

I've also tried reversing the order, order allow,deny, require, limitexcept and limit.

How can I only allow POST requests to be processed by one file in a folder?

Best Answer

You could use the Require directive:

<Directory "/var/www/folder">
    <Files "index.php">
        Require method POST
    </Files>
</Directory>

However, since that's part of the authorization section, you may want to try this instead:

<Directory "/var/www/folder">
    <Files "index.php">
        <LimitExcept POST>
            Order allow,deny
            Deny from all
        </LimitExcept>
    </Files>
</Directory>
Related Topic