Prevent Apache from reverse proxying certain HTTP methods

apache-2.2reverse-proxy

I am using apache as a reverse proxy to a ruby on rails application server. When a HTTP request is received with a non-standard HTTP method, this causes an error in the application server that exposes some (minor) details about the environment. Can I prevent apache from forwarding requests unless the HTTP method matches one of the safe, standard methods?

[EDIT]

Using Shane's answer as a guide, I came up with the following, posting here for reference.

RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|OPTIONS)
RewriteRule .* - [R=405,L]

I found that negating the check is easier, allows apache to return the correct response code (405 is method not allowed), and means that all of the proxy config stuff is unchanged (i.e. you can use ProxyPass or ProxyPassMatch)

Best Answer

Should be able to accomplish this with <Limit>:

<Limit GET HEAD POST>
  ProxyPass / http://example.com/
</Limit>

Edit:

Picky directives.. we'll go with plan B.

RewriteCond %{REQUEST_METHOD} ^(GET|HEAD|POST)$
RewriteRule ^/(.*)$ http://example.com/$1 [P,L]

Best Answer

Related Solutions

Apache RewriteRule for proxying

Ruby on Rails – How to Serve Applications on Windows Server 2008

Related Topic