How to deny POST to a url in nginx

Some of the SQL-heavy URL on my app (say /members) are being attacked by botnets. So I'd like to disable anybody to post to these URL, while allowing others to GET them.

I tried to make a nested loop like this:

if ($request_uri ~ .*members^)  {

   if ($request_method = POST ) {
         return 444;
     }
}

But nginx does not accept this.

I also tried this directive

location ~ "^/members$" {
    if ($request_method ~ ^(POST)$ ) {       
        return 444;
    }
}

but this one deny GET too.

So left clueless and appreciate your help.


Solution 1:

Try this:

location ^~ /members {
  limit_except GET {
    deny  all;
  }
}

Deny all requests except GET.