Using RewriteRule in .htaccess for POST request
I am attempting to lock down a page to only accept POST requests. as part of an RESTful API. I have the following, but it doesn't see开发者_如何学JAVAm to work. Any help would be appreciated.
RewriteCond %{REQUEST_METHOD} POST
RewriteRule ^api/(call1|call2|call3)/?/ http://www.example.com/api/rest_services.php?_call=$1 [L]
You need to invert the condition to just match requests that are not POST:
RewriteCond %{REQUEST_METHOD} !=POST
RewriteRule ^api/(call1|call2|call3)/?/ - [L,R=405]
And then you should also send the 405 status code to tell the client the reason. But the R=405
flag is only available since Apache 2. For Apache 1 you can send those requests to a PHP script that responds with that status code.
I'm not qualified to answer the question about .htaccess
, but this is the way I'd rather do it anyway:
<?php
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
die('some meaningful REST style error here');
}
My mistake. Syntax error on the RewriteRule. Should be the following. Note the $ not /
RewriteRule ^api/(call1|call2|call3)/?$ http://www.example.com/api/rest_services.php?_call=$1 [L]
Use this in conjunction with <Location>
:
<Limit GET>
Deny from all
</Limit>
精彩评论