all about hardening Nextcloud.
Does anyone have experience configuring the control of request methods in the Apache configuration?
For the moment I set up this config:
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)$
Question: Does Nextcloud still work with these settings, or do important functionalities stop working after this setup?
RewriteCond %{REQUEST_METHOD} ^(CONNECT|DEBUG|DELETE|MOVE|PUT|TRACE|TRACK)
Control Request Methods | .htaccess made easy (htaccessbook.com)
Control Request Methods
Category: Blog • Posted by Jeff Starr • Updated: Monday, May 9th, 2016 @ 1:05 pm
Sites hosted on Apache servers can accept a wide range of request methods. For example, most developers are familiar with GET and POST requests. Other request methods are less common, such as DELETE, HEAD, and PUT. While many types of request methods are harmless or even beneficial, some of them are just unnecessary and serve to increase the overall security liability of your site. This post explains how to lock things down by blocking or allowing only specific types of HTTP requests.
Blocking Request Methods
This technique blocks some request methods that most sites never use. Why block them? Because they may be used by the bad guys to scan and covertly attack your site. TRACE (and its IIS counterpart TRACK) echoes the request back to the client, headers and cookies included, which is what cross-site tracing abuses; PUT, DELETE and MOVE are write methods, so wherever a handler such as mod_dav serves them an attacker can upload, remove or rename files; CONNECT asks the server to act as a proxy. Think of these request types as hidden doors to your house that none of your friends use or even know about. But that pathetic loser down the street knows all about the hidden doors, and uses them for his evil schemes. You don't want that.
To lock the doors, you can add the following .htaccess snippet to your site’s root .htaccess file:
# BLOCK UNNECESSARY REQUEST METHODS
RewriteCond %{REQUEST_METHOD} ^(CONNECT|DEBUG|DELETE|MOVE|PUT|TRACE|TRACK) [NC]
RewriteRule .* - [F,L]
This snippet blocks all of the following requests methods:
CONNECT
DEBUG
DELETE
MOVE
PUT
TRACE
TRACK
Important: before implementing this technique, make sure that your site does not rely on any of these blocked request methods. Most don't, but you want to be sure: anything that speaks WebDAV (file sync clients, CalDAV and CardDAV) sends PUT, DELETE and MOVE in normal operation, so blocking those breaks it, while a rule that only denies TRACE and TRACK touches nothing a WebDAV client needs. Two further checks: the snippet only takes effect if mod_rewrite is loaded and RewriteEngine On is set (in the same .htaccess or inherited from the server config), and if you can edit the server configuration, TraceEnable off disables TRACE at the server level regardless of any rewrite rules. Ask your host or local expert if in doubt.
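The following shell script is an added check, not code from the htaccessbook article or from the Nextcloud project. It takes the article's full pattern and the narrower TRACE/TRACK pattern from the post (anchored with $ here) and reports, offline, which methods of a WebDAV client each one would deny; grep -E stands in for mod_rewrite's PCRE matching, which agrees with it for plain alternations like these, and -i stands in for the [NC] flag. The WebDAV method list is constructed from the RFC 4918 and RFC 3253 method names, the file name check_methods.sh and the example URL are assumptions, and the probe function is an optional online check against a real server using curl.

```shell
#!/bin/sh
# Added example (not from the article or from Nextcloud): which methods does a
# RewriteCond pattern deny, and does that list collide with what a WebDAV
# client sends? grep -E stands in for mod_rewrite's PCRE match; -i is [NC].

# Pattern from the article: every write/diagnostic method it lists.
ARTICLE_PATTERN='^(CONNECT|DEBUG|DELETE|MOVE|PUT|TRACE|TRACK)'
# Narrower pattern from the forum post: only the two diagnostic methods.
POST_PATTERN='^(TRACE|TRACK)$'

# Constructed list of methods a WebDAV client (file sync, CalDAV, CardDAV)
# issues, taken from the RFC 4918 / RFC 3253 method names. Assumption: this is
# the traffic a Nextcloud install must keep accepting.
WEBDAV_METHODS="OPTIONS GET HEAD POST PUT DELETE MOVE COPY MKCOL PROPFIND PROPPATCH LOCK UNLOCK REPORT"

# denied METHOD PATTERN: exit 0 when the RewriteCond would match, i.e. the
# request would get the [F] 403 response.
denied() {
    printf '%s\n' "$1" | grep -Eiq -- "$2"
}

# webdav_breakage PATTERN: space-separated WebDAV methods the pattern denies.
webdav_breakage() {
    _out=""
    for _m in $WEBDAV_METHODS; do
        denied "$_m" "$1" && _out="$_out $_m"
    done
    printf '%s' "${_out# }"
}

# probe URL METHOD: status code a live server returns (online check, needs curl).
# 403 = the rewrite rule fired; 405/501 = the server refused the method anyway;
# 200/207 = the method is accepted.
probe() {
    curl -s -o /dev/null -w '%{http_code}' -X "$2" "$1"
}

main() {
    echo "Article pattern denies WebDAV methods: [$(webdav_breakage "$ARTICLE_PATTERN")]"
    echo "Post pattern denies WebDAV methods:    [$(webdav_breakage "$POST_PATTERN")]"
    if [ -n "${1:-}" ]; then
        for _m in TRACE PUT PROPFIND; do
            echo "$_m $1 -> $(probe "$1" "$_m")"
        done
    fi
}

# Usage: sh check_methods.sh [https://cloud.example.com/remote.php/dav/]
# The guard lets the file be sourced for its functions without running main.
case "${0##*/}" in check_methods.sh) main "$@" ;; esac
```

Run without a URL to see the offline comparison: the article's pattern denies PUT, DELETE and MOVE, which a sync client needs, while the TRACE/TRACK-only pattern denies none of the WebDAV methods. Pass the DAV endpoint of a test instance to see the actual status codes the server returns for TRACE, PUT and PROPFIND after the rule is in place.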