Last Updated: February 25, 2016
·
438
· rfsbsb

Apache: Allowing POST only when content is gzipped

Setting on Apache.

<Location /some/path>
    SetInputFilter DEFLATE
    #Set gzip var artificially to false
    SetEnvIf SetaGzipComFalse "^" gziping=0
    #If not gzip, invalidate the request
    SetEnvIf "Content-Encoding" ^((?!gzip).)*$ gziping=1
    #Defining only post as allowed method
    SetEnvIf Request_Method "POST" posting=1
    #If Gzip is enabled accept only POST otherwise doesn't accept gzip on GET method
    SetEnvIf gziping 0 !posting
    Order allow,deny
    Allow from all
    Deny from env=posting
 </Location>