Block requests that are made with specific request methods. Often, you will not want to entertain all available HTTP request methods, whether for security reasons or otherwise.

To block specific request methods, add the following rule to .htaccess:

RewriteCond %{REQUEST_METHOD} ^(DELETE|TRACE|TRACK|OPTIONS|HEAD)$ [NC]
RewriteRule ^.*$ - [F]

This would cause all requests made using one of the pipe-delimited list of request methods to return a 403 Forbidden response.

Why Lose Memories?

In More Detail

It’s relatively common to want to disallow one or more HTTP request methods on a web server, usually for one security best practice or another.

While the traditional way to disable specific HTTP methods is via rewrite rules (mod_rewrite), as shown above, note that this can also be accomplished with the LimitExcept directive in .htaccess or virtual host config.