How to deny POST to a url in nginx
Some of the SQL-heavy URL on my app (say /members
) are being attacked by botnets. So I'd like to disable anybody to post to these URL, while allowing others to GET them.
I tried to make a nested loop like this:
if ($request_uri ~ .*members^) {
if ($request_method = POST ) {
return 444;
}
}
But nginx does not accept this.
I also tried this directive
location ~ "^/members$" {
if ($request_method ~ ^(POST)$ ) {
return 444;
}
}
but this one deny GET too.
So left clueless and appreciate your help.
Solution 1:
Try this:
location ^~ /members {
limit_except GET {
deny all;
}
}
Deny all requests except GET
.