The typical way to block OPTIONS in 2.2 does not need mod_rewrite at all IIRC. You just add this in your location/directory:
        <LimitExcept GET POST>
                deny from all
        </LimitExcept>

and will return 403 if you try OPTIONS method there

El vie., 12 feb. 2016 a las 7:41, Spork Schivago (<sporkschivago@gmail.com>) escribió:
Thank you.   I do see the 200 OK response.

OPTIONS / HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 12 Feb 2016 06:35:33 GMT
Server: Apache
Allow: GET,HEAD,POST,OPTIONS
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Content-Length: 0
Connection: close
Content-Type: text/html

Connection closed by foreign host.

How do I go about fixing this again?   I'd like the fix to be server wide, so I'd want to put this in my httpd.conf file?


RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule .* - [R=405,L]
RewriteRule ^[^/] - [R=403,L]

I'm currently redirecting all http traffic to the https version of my site using this in .htaccess files:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R]

I'd like to add that to make it server wide as well I think.   Just gotta figure out where to put it in the httpd.conf file (or the vhosts .conf files).   I use cPanel / WHM and EasyApache so it makes things much harder to figure out.


On Fri, Feb 12, 2016 at 12:33 AM, Toomas Aas <toomas.aas@reach-u.com> wrote:

On 02/12/2016 03:38 AM, Spork Schivago wrote:

Sorry to put in here, but is there away for me to test to see if my
server is affected by this OPTIONS issue?


Testing is easy. Just telnet to port 80 of your server, type "OPTIONS / HTTP/1.0" and press Enter twice.

$ telnet www.yoursite.com 80
Trying 12.34.56.78...
Connected to www.yoursite.com.
Escape character is '^]'.
OPTIONS / HTTP/1.0

HTTP/1.0 200 OK
Allow: OPTIONS, GET, HEAD, POST
Content-Length: 0
Connection: close
Date: Fri, 12 Feb 2016 05:29:26 GMT
Server: Apache

If you see the "200 OK" response, you are affected

--
Toomas Aas | support engineer
www.reach-u.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org