不安全的HTTP方法

只允许post,get的http方法

Apache在httpd.conf添加如下配置:

<Location "/">
   AllowMethods GET POST
</Location>

参考:https://httpd.apache.org/docs/2.4/mod/mod_allowmethods.html

Nginx在nginx.conf中进行如下设置

if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 403;
}

You may also like...