# Restrict HTTP Request Methods
PURPOSE: By default, Apache accepts all HTTP request methods. The `<LimitExcept>` directive allows only the listed methods to be processed. For a normal web server, the only methods needed are GET, HEAD, POST, and OPTIONS. Methods such as PUT and DELETE allow files to be created and deleted on the server and should be disabled.

DEFAULT: All HTTP methods are allowed.

PROCEDURE: For all the directories in the `apache2.conf` file, add the following:
```
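<Directory /var/www/>
    # Method names are separated by spaces, not commas
    <LimitExcept GET HEAD POST OPTIONS>
        # 2.2-style syntax; on Apache 2.4 this needs mod_access_compat
        # (the native 2.4 form is "Require all denied")
        Deny from all
    </LimitExcept>
</Directory>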
```
Reference: https://httpd.apache.org/docs/2.4/mod/core.html#limitexcept

The `<LimitExcept>` directive does not cover the TRACE method, which has to be disabled separately with the `TraceEnable off` directive; see below.
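
To check a configuration against this procedure, the following audit script is an added example, not part of the original guide. It flags `<Directory>` blocks without a `<LimitExcept>`, method lists that contain commas or methods outside GET, HEAD, POST and OPTIONS, and a missing `TraceEnable off`. The sample config, the `/srv/app/` and `/srv/static/` paths and the `audit` helper name are constructed for illustration.

```python
import re

ALLOWED = {"GET", "HEAD", "POST", "OPTIONS"}  # the methods this page permits
# Constructed sample: /var/www/ follows the procedure, the other two do not.
SAMPLE = """\
<Directory /var/www/>
    <LimitExcept GET HEAD POST OPTIONS>
        Deny from all
    </LimitExcept>
</Directory>
<Directory /srv/app/>
    <LimitExcept GET, POST PUT>
        Deny from all
    </LimitExcept>
</Directory>
<Directory /srv/static/>
    Options -Indexes
</Directory>
"""

def audit(conf):
    """Return (directory, problem) findings for an Apache config string."""
    findings, current, has_limit = [], None, False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<Directory\s+(.+?)>$", line, re.I)
        if m:  # entering a <Directory> section
            current, has_limit = m.group(1).strip('"'), False
            continue
        if re.match(r"</Directory>$", line, re.I):
            if not has_limit:
                findings.append((current, "no <LimitExcept> block"))
            current = None
            continue
        m = re.match(r"<LimitExcept\s+(.+?)>$", line, re.I)
        if m and current:
            has_limit = True
            for tok in m.group(1).split():  # methods are whitespace-separated
                if "," in tok:
                    findings.append((current, f"comma in method token {tok!r}"))
                elif tok not in ALLOWED:
                    findings.append((current, f"unexpected method {tok}"))
    # TRACE is not controlled by <LimitExcept>; it needs its own directive.
    if not re.search(r"^\s*TraceEnable\s+off\s*$", conf, re.I | re.M):
        findings.append((None, "TraceEnable off not set"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
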