- To disable the HTTP options method on your CentOS or AlmaLinux based Linux server, you should add the following code in the .htaccess file.
RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE|TRACE|OPTIONS|CONNECT)$ [NC]RewriteRule .* - [F]
- The RewriteCond will check the HTTP method currently used by request, and RewriteRule will intercept that request creating a response with a 403 Forbidden status response code.
- You can use the curl command to check if a configuration change is effectively disabling the HTTPd methods.
curl -v -X TRACE http://host-name:port/
curl -v -X TRACE http://host-name:port/appContext
curl -v -X DELETE http://host-name:port/
curl -v -X DELETE http://host-name:port/appContext
