I want to block all HTTP GET requests to a directory which contain videos and images like upload folder. And if user is coming with HTTP POST than allow user to access. Currently I am using

#Contents of .htaccess

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^PATH.*$ [NC]
RewriteCond %{HTTP_REFERER} !^PATH.*$ [NC]
RewriteRule .(mp4|mp3|avi)$ - [F]

But its blocking all request. I want to access this with HTTP POST request.

Please help me with this.

CodePudding user response：

You need to write the htaccess rules that will allow only post request. Follow this following script.

<Directory "/var/www/folder">
    <Files "index.php">
        Require method POST
    </Files>
</Directory>

However, since that's part of the authorization section, you may want to try this instead:

<Directory "/var/www/folder">
    <Files "index.php">
        <LimitExcept POST>
            Order allow,deny
            Deny from all
        </LimitExcept>
    </Files>
</Directory>

CodePudding user response：

You can use the following mod-rewrite based solution to block all GET requests for upload folder.

RewriteEngine On

RewriteCond %{THE_REQUEST} GET\s/upload [NC]
RewriteRule ^ - [F,L]

Or

RewriteEngine On

RewriteCond %{REQUEST_METHOD} GET
RewriteRule ^upload - [F,L]