2010/8/9 Morgan <morgan@nm.ru>

How to do this under the apache win 32 + php? I'm just beginning to comprehend the science ...

Hi Morgan,

Something like the following should force all requests to use the GET, HEAD or POST HTTP methods. You may need to add / subtract methods based on your application's needs.

SecRule REQUEST_METHOD "!^(GET|HEAD|POST)$" "phase:1,t:none,deny"

- Josh