Using mod_rewrite to block access based on REQUEST_METHOD + HTTP header
I want to use mod_rewrite to return 403 Forbidden when the REQUEST_METHOD is GET and when a specific custom header is missing. But I want to allow through requests with the OPTIONS verb even if that custom header is missing.
This is what I am using currently:
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} =GET
    RewriteCond %{HTTP:SomeHeader} ^$
    RewriteRule .* - [F]
The GET behavior seems to be working fine (if header supplied I get back 200, without it I get 403). But I am also seeing that same behavior for OPTIONS (403 unless I provide header, then 200).
It seems like when the HTTP verb is OPTIONS the first RewriteCond should be failing, but somehow it seems like it is "passing" and continuing on with the other condition + rule.
Any thoughts on what is going on here? Thanks in advance!
asked 3 mins ago
Trevor
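Added example, not part of the original post: a small Python model of how a chain of RewriteCond lines is evaluated under mod_rewrite's documented semantics, applied to the ruleset in the question so that observed responses can be compared with the expected ones. The function names and sample requests are constructed, and the model is a simplification rather than Apache's own code.

```python
import re

# Added illustration: a simplified model of documented mod_rewrite semantics,
# not Apache's implementation. Consecutive RewriteCond lines are ANDed.
# The rule pattern ".*" matches every path, so only the conditions matter.
PAGE_CONDS = [
    ("%{REQUEST_METHOD}", "=GET"),   # "=" means exact string comparison
    ("%{HTTP:SomeHeader}", "^$"),    # regex: header value is empty or absent
]

def expand(test_string, method, headers):
    """Expand %{REQUEST_METHOD} and %{HTTP:name}; an absent header becomes ''."""
    lowered = {k.lower(): v for k, v in headers.items()}
    def repl(m):
        name = m.group(1)
        if name == "REQUEST_METHOD":
            return method
        if name.upper().startswith("HTTP:"):
            return lowered.get(name[5:].lower(), "")
        return ""
    return re.sub(r"%\{([^}]+)\}", repl, test_string)

def cond_matches(test_string, pattern, method, headers):
    value = expand(test_string, method, headers)
    negate = pattern.startswith("!")
    if negate:
        pattern = pattern[1:]
    if pattern.startswith("="):
        hit = value == pattern[1:]
    else:
        hit = re.search(pattern, value) is not None
    return hit != negate

def decide(method, headers):
    """Return '403' when every condition matches ([F] fires), else 'pass'."""
    fired = all(cond_matches(t, p, method, headers) for t, p in PAGE_CONDS)
    return "403" if fired else "pass"

# Constructed sample requests.
SAMPLES = [
    ("GET", {}), ("GET", {"SomeHeader": "x"}), ("GET", {"someheader": ""}),
    ("OPTIONS", {}), ("OPTIONS", {"SomeHeader": "x"}), ("HEAD", {}),
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        print(f"{method:8} {headers!s:24} -> {decide(method, headers)}")
```

Under this model an OPTIONS or HEAD request without the header passes, and a GET that sends the header with an empty value is refused just like one that omits it.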