Is it possible to configure Apache to ignore OPTIONS requests?

I run a small webapp for several departments at work, which has very little traffic and not many users. It is built on top of Django and uses Apache as a web server. I have customized it to send me an email when there are any errors, which was wonderful until yesterday. There were no errors, but sometimes users don't say when they encounter problems, so it allows me to stay on top of things.

Yesterday we had a new user, and I began to receive tons of emails with errors. He had no idea that something was wrong, so I thought it was something backstage. When I looked at the logs, they were HTTP OPTIONS requests that use the Microsoft Data Access Internet Publishing Provider Protocol and the Microsoft Office Protocol Discovery. I had never heard of this before this point, but it seems to be some kind of MS/WebDAV web folder.

One option is to figure out how he can disable it and tell him to stop doing it, but I would rather just cut it off at the head and have Apache simply not pass these requests to Django. Is there a way this can be handled?

+3
3 answers

The rewrite option is good, but the "Apache Way" is probably more like:

# Apache 2.2 access-control syntax; on Apache 2.4 the equivalent is "Require all denied"
<LimitExcept GET POST>
    deny from all
</LimitExcept>

or...

<Limit OPTIONS>
    deny from all
</Limit>
+2

I found a solution used by another map and ported it to Django. I put this at the top of any view that generates HTML with links to .XLS or .DOC files:

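from django.http import HttpResponse

# First lines of the view body: answer OPTIONS probes with an empty response
if request.method == 'OPTIONS':
    response = HttpResponse()
    response['Allow'] = 'GET, HEAD, POST'
    return response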

I like the Apache solution better, though ... assuming this doesn't cause problems on the Windows side.

+2
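The per-view check in the answer above can be applied once for the whole site by wrapping the WSGI application, so OPTIONS never reaches a Django view. This is an added example, not code from the thread or from Django; the names OptionsShortCircuit, call and fake_django are hypothetical, and fake_django is a constructed stand-in for the real application.

```python
# Added example (not from the original thread): WSGI wrapper that answers
# OPTIONS before Django runs. Class and helper names are hypothetical.

ALLOWED = "GET, HEAD, POST"  # same Allow value as the view snippet above


class OptionsShortCircuit:
    """Wrap a WSGI app (e.g. Django's `application`) and answer OPTIONS here."""

    def __init__(self, app, allow=ALLOWED):
        self.app = app
        self.allow = allow

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "").upper()
        if method == "OPTIONS":
            # Empty 200 with an Allow header: the Office/WebDAV discovery
            # probe gets an answer, and no Django view or error email fires.
            start_response("200 OK", [("Allow", self.allow),
                                      ("Content-Length", "0")])
            return [b""]
        return self.app(environ, start_response)


def call(app, method, path="/"):
    """Drive a WSGI app once with a constructed request; return the result."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "HTTP_USER_AGENT": "Microsoft Office Protocol Discovery"}
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body


def fake_django(environ, start_response):
    """Constructed stand-in for the Django app: raises on OPTIONS."""
    if environ["REQUEST_METHOD"] == "OPTIONS":
        raise RuntimeError("view blew up on OPTIONS")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"report"]


wrapped = OptionsShortCircuit(fake_django)
```

In a real project the wrapper would go in wsgi.py as application = OptionsShortCircuit(get_wsgi_application()), with get_wsgi_application imported from django.core.wsgi.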

What about:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^OPTION
RewriteRule .* - [F]

(with mod_rewrite enabled.)

+1

Source: https://habr.com/ru/post/1732572/