HTTP methods are used to perform create, read, update, and delete (CRUD) operations. The most common methods are POST, GET, PUT, PATCH, and DELETE. It's good practice to disable methods that are unused and insecure, such as PUT, PATCH, and DELETE.

This tutorial explains how to disable HTTP methods on an Apache web server.

Disable HTTP Methods in Apache

Create a “.htaccess” file under the document root directory and add the following code. Make sure that the Apache rewrite module and .htaccess are enabled.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(HEAD|PUT|DELETE|PATCH|TRACK|OPTIONS) 
RewriteRule .* - [F]

The above configuration will disable HEAD, PUT, DELETE, PATCH, TRACK, and OPTIONS methods.

Next, restart the Apache webserver to apply changes.

sudo systemctl restart apache2 

Verify Setup

You can verify the changes using the curl command line utility. Send a request from your system to check whether the server accepts a specific request method. For example, the command below sends an “OPTIONS” request to the server.

curl -i -X OPTIONS https://tecadmin.net 

Output

HTTP/1.1 403 Forbidden
Date: Thu, 30 Dec 2021 05:50:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 281
Content-Type: text/html; charset=iso-8859-1

403 Forbidden

Forbidden

You don't have permission to access this resource.


Apache Server at tecadmin.net Port 443

You will see a forbidden message in the result. This means that the Apache server rejected the OPTIONS request.
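The curl check above covers a single method. As an added example (not part of the original article), the script below sends every method in turn and compares the returned status code with what the RewriteCond pattern on this page should produce. The script name and the URL you pass are placeholders, and it assumes curl is installed.

```shell
#!/bin/sh
# Added example: audit every method against the rule, not just OPTIONS.
# Usage: sh check-methods.sh <your-server-url>   (script name is a placeholder)

# Pattern copied from the RewriteCond shown on this page.
BLOCK_RE='^(HEAD|PUT|DELETE|PATCH|TRACK|OPTIONS)'
METHODS='GET POST HEAD PUT DELETE PATCH TRACK OPTIONS'

# Succeeds when the rule is supposed to reject this method.
expect_blocked() {
    printf '%s\n' "$1" | grep -Eq "$BLOCK_RE"
}

# Print the HTTP status code the server returns for one method.
probe() {
    url=$1 method=$2
    if [ "$method" = HEAD ]; then
        # curl -X HEAD would wait for a body that never comes; -I sends a real HEAD.
        curl -s -o /dev/null -w '%{http_code}' --max-time 10 -I "$url"
    else
        curl -s -o /dev/null -w '%{http_code}' --max-time 10 -X "$method" "$url"
    fi
}

# Compare an observed status with what the rule should produce.
verdict() {
    method=$1 status=$2
    if expect_blocked "$method"; then
        [ "$status" = 403 ] && echo OK || echo "MISMATCH (expected 403)"
    else
        [ "$status" != 403 ] && echo OK || echo "MISMATCH (unexpected 403)"
    fi
}

# Probe each method and print one result line per method.
audit() {
    for m in $METHODS; do
        status=$(probe "$1" "$m")
        printf '%-8s %s  %s\n' "$m" "$status" "$(verdict "$m" "$status")"
    done
}

# Run only when a URL is given, so the functions can be sourced on their own.
if [ -n "${1:-}" ]; then
    audit "$1"
fi
```

A MISMATCH on a method the rule should block usually means the .htaccess file is not being read or the rewrite module is not loaded, which are the two prerequisites noted earlier.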

Conclusion

Hopefully, this article will help you disable the HTTP methods for your Apache webserver.