How to deny POST to a url in nginx

nginx web-server botnet

Some of the SQL-heavy URL on my app (say /members) are being attacked by botnets. So I'd like to disable anybody to post to these URL, while allowing others to GET them.

I tried to make a nested loop like this:

if ($request_uri ~ .*members^)  {

   if ($request_method = POST ) {
         return 444;
     }
}

But nginx does not accept this.

I also tried this directive 

location ~ "^/members$" {
    if ($request_method ~ ^(POST)$ ) {       
        return 444;
    }
}

but this one deny GET too.

So left clueless and appreciate your help.


Solution 1:

Try this:

location ^~ /members {
  limit_except GET {
    deny  all;
  }
}

Deny all requests except GET.

Related

Win Service running under LocalService account cannot access environment variables
Hide Total Size and Free Space on Network Drives
Rsync: dealing with absolute symlinks
Can a DNS wildcard only be the leftmost part of a record?
How do I enable IPv6 in RHEL 7.4 on Amazon EC2
Adding a Windows Server 2012 Essentials server to an existing domain, without migrating the AD
Are there any disadvantages to unusual RAM amounts for virtual machines?
Automatic file deletion based on file age
Anyone know of any Free Java hosting services?
Removing a device in "removed" state from Linux software RAID array
Can Apache .htaccess convert the percent-encoding in encoded URIs from Win-1252 to UTF-8?
Allow SSH only on one of a servers IP addresses