Hi guys,
I'm having a hard time accomplishing this task with a reverse proxy I am running. Basically I need to block all URLs and request methods except
for permitted ones, but now it looks like I simply block ALL requests. Can someone help?
For example, I know the site that my reverse proxy is protecting
only accept GET, POST, HEAD, and the only valid toplevel urls
are /toplevel1 and /toplevel2 and of course /. Here's what I have:
RewriteEngine on
RewriteLog logs/mod_rewrite_log
RewriteLogLevel 9
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} !^/$ [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} !^/toplevel1.*$ [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} !^/toplevel2.*$ [OR]
RewriteRule .* - [F]
But I get 403 for all requests, Can anyone shed light on this or have done such a thing before?