GET and POST are the most common methods on the Internet. Web server methods are defined in RFC 2616. If a web server does not require the implementation of all available methods, they should be disabled. The following will filter and only allow GET, HEAD and POST methods:
## Only allow these request methods ##
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 405;
}
## Do not accept DELETE, SEARCH and other methods ##
More About HTTP Methods
- The GET method is used to request document such as http://www.example.com/index.php.
- The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response.
- The POST method may involve anything, like storing or updating data, or ordering a product, or sending E-mail by submitting the form. This is usually processed using the server side scripting such as PHP, PERL, Python and so on. You must use this if you want to upload files and process forms on server.
Just in case Google points someone else to this post (just happened to me):
405 Method Not Allowed is the correct response in this case.
thanks for notifying me