The typical way to block OPTIONS in 2.2 does not need mod_rewrite at all IIRC. You just add this in your location/directory: <LimitExcept GET POST> deny from all </LimitExcept>
and will return 403 if you try OPTIONS method there El vie., 12 feb. 2016 a las 7:41, Spork Schivago (<sporkschiv...@gmail.com>) escribió: > Thank you. I do see the 200 OK response. > > OPTIONS / HTTP/1.0 > > HTTP/1.1 200 OK > Date: Fri, 12 Feb 2016 06:35:33 GMT > Server: Apache > Allow: GET,HEAD,POST,OPTIONS > Cache-Control: max-age=0, no-cache, no-store, must-revalidate > Pragma: no-cache > Expires: Wed, 11 Jan 1984 05:00:00 GMT > Content-Length: 0 > Connection: close > Content-Type: text/html > > Connection closed by foreign host. > > How do I go about fixing this again? I'd like the fix to be server wide, > so I'd want to put this in my httpd.conf file? > > > RewriteCond %{REQUEST_METHOD} OPTIONS > RewriteRule .* - [R=405,L] > RewriteRule ^[^/] - [R=403,L] > > I'm currently redirecting all http traffic to the https version of my site > using this in .htaccess files: > > RewriteEngine on > RewriteCond %{HTTPS} off > RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R] > > I'd like to add that to make it server wide as well I think. Just gotta > figure out where to put it in the httpd.conf file (or the vhosts .conf > files). I use cPanel / WHM and EasyApache so it makes things much harder > to figure out. > > > On Fri, Feb 12, 2016 at 12:33 AM, Toomas Aas <toomas....@reach-u.com> > wrote: > >> >> On 02/12/2016 03:38 AM, Spork Schivago wrote: >> >> Sorry to put in here, but is there away for me to test to see if my >>> server is affected by this OPTIONS issue? >>> >> >> >> Testing is easy. Just telnet to port 80 of your server, type "OPTIONS / >> HTTP/1.0" and press Enter twice. >> >> $ telnet www.yoursite.com 80 >> Trying 12.34.56.78... >> Connected to www.yoursite.com. >> Escape character is '^]'. >> OPTIONS / HTTP/1.0 >> >> HTTP/1.0 200 OK >> Allow: OPTIONS, GET, HEAD, POST >> Content-Length: 0 >> Connection: close >> Date: Fri, 12 Feb 2016 05:29:26 GMT >> Server: Apache >> >> If you see the "200 OK" response, you are affected >> >> -- >> Toomas Aas | support engineer >> www.reach-u.com >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> >