Tutorials Blocking HEAD, DELETE, etc. with lighttpd

Marks-Man

Administrator
Joined: Mar 15, 2021
Messages: 373
Resources: 213
Points: 28
Reaction score: 96
Limiting by $HTTP["request-method"] works a treat.

Unfortunately when you use url.access-deny lighttpd sets the status code and headers as a fixed thing (403 status), regardless of if you try to add header before or after.

End result:


$HTTP["request-method"] =~ "^(PUT|HEAD|PATCH|DELETE)$" {
url.access-deny = ( "" )
}
 
  • Tags
    blocking head delete etc lighttpd with
  • Top