WP-Mix

A fresh mix of code snippets and tutorials

Require HTTP 1.1 (and better) for POST

This quick .htaccess snippet requires that the user submit POST requests using only HTTP 1.1 and better.

To require only HTTP 1.1 or better for all POST requests, add this snippet to your site’s root .htaccess file.

# require HTTP 1.1 for POST
<IfModule mod_rewrite.c>
	RewriteCond %{THE_REQUEST} ^POST(.*)HTTP/(0\.9|1\.0)$ [NC]
	RewriteRule .* - [F,L]
</IfModule>

Nothing needs changed or edited, simply plug-&-play. With this code in place, POST requests using HTTP 0.9 and 1.0 will be blocked via 403 Forbidden error. So only POST requests made using HTTP 1.1 and better (e.g., HTTP 2.0) will be permitted.

Require POST requests

Bonus! Here is a snippet that requires the user to make POST requests in order to access the specified file:

# require post requests
<IfModule mod_rewrite.c>
	RewriteCond %{REQUEST_METHOD} POST
	RewriteCond %{REQUEST_URI} !/contact.php [NC]
	# RewriteCond %{REMOTE_ADDR} !127.0.0.1 
	RewriteRule .* - [F,L]
</IfModule>

So for example, if you want to ensure that all requests for your contact form script are made via HTTP POST, add this snippet to .htaccess and edit /contact.php to match the path and file name of your actual script. And if the file is requested via Ajax, uncomment that last RewriteCond to allow the server to access the file via GET request.

Whitelist valid HTTP requests

Another bonus! Here is an .htaccess snippet that whitelists valid HTTP requests:

# whitelist valid HTTP requests
<IfModule mod_rewrite.c>
	RewriteCond %{SERVER_PROTOCOL} !^HTTP/(0\.9|1\.0|1\.1|2\.0)$ [NC]
	RewriteRule .* - [F,L]
</IfModule>

This code checks the SERVER_PROTOCOL variable and compares it against a whitelist that allows only HTTP requests versioned 0.9, 1.0, 1.1, or 2.0. This protects your site against malicious requests that are trying to game the system with invalid HTTP versions and other nonsense.

Learn more

.htaccess made easy