The Apache Haus Forum

Forum Topics => Apache 2.4 => Topic started by: Donglecow on January 25, 2017, 12:18:07 PM

Title: Securing HTTP Requests with Mod_Rewrite
Post by: Donglecow on January 25, 2017, 12:18:07 PM
Hi everyone,

I have a page*: http://example.com/es/ that I need to expose to the internet for testing. This is an Elasticsearch instance.

I want to restrict some HTTP request methods to help prevent malicious attacks on my Elasticsearch cluster.

I want to:
Disable PUT, DELETE, TRACE requests.
Allow GET requests
Restrict POST requests to http://example.com/es/_search

How would I go about achieving the restriction on the POST requests? My current mod_rewrite config is below.

RewriteEngine on
RewriteCond %{THE_REQUEST} !^(POST|GET)\ /.*\ HTTP/1\.1$
RewriteRule .* - [F]

Thanks in advance for any advice.

 * - This page is just an example of the URL/URI structure. My app isn't actually hosted at example.com.
Title: Re: Securing HTTP Requests with Mod_Rewrite
Post by: mario on January 25, 2017, 05:06:45 PM
Normaly you use Limit[1] in a <Directory>

For sure you can use the <Directory> directive

And you can add a second condition for the url

RewriteCond %{REQUEST_URI} ^/es

and

RewriteCond %{REQUEST_URI} ^/es/_search


if you still have a question please ask again.

[1] https://httpd.apache.org/docs/2.4/mod/core.html#limit
Title: Re: Securing HTTP Requests with Mod_Rewrite
Post by: Donglecow on January 26, 2017, 10:39:53 AM
Normaly you use Limit[1] in a <Directory>

For sure you can use the <Directory> directive

And you can add a second condition for the url

RewriteCond %{REQUEST_URI} ^/es

and

RewriteCond %{REQUEST_URI} ^/es/_search


if you still have a question please ask again.

[1] https://httpd.apache.org/docs/2.4/mod/core.html#limit

Thank you for the reply. I wasn't aware I could use a second condition, that will be helpful!

Just a question though. Why would I use the <Directory> directive? Should it not be <Location>, as ES is a webapp that is being proxied through to example.com/es/, rather than files on the filesystem that need to be served up?

Thanks again.