Block requests made with specific HTTP request methods. Often you will not want to serve every available HTTP request method, whether for security reasons or otherwise.

To block specific request methods, add the following rule to .htaccess:

# Requires mod_rewrite; [F] answers matching requests with 403 Forbidden
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(DELETE|TRACE|TRACK|OPTIONS|HEAD)$ [NC]
RewriteRule ^.*$ - [F]

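With this rule, any request made with one of the methods in the pipe-delimited list receives a 403 Forbidden response. Check what depends on each method before blocking it: browsers send OPTIONS for CORS preflight requests, and monitoring tools and crawlers commonly use HEAD.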

In More Detail

It’s relatively common to want to disallow one or more HTTP request methods on a web server, usually for one security best practice or another.

While the traditional way to disable specific HTTP methods is with mod_rewrite rules, as shown above, the same can be accomplished with the LimitExcept directive in .htaccess or in the virtual host configuration.
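
The LimitExcept approach as an added example (not part of the original page). It assumes Apache 2.4; the directory path and the choice of GET and POST as the allowed methods are placeholders.

```apache
# Added example: allow-list with <LimitExcept> instead of a mod_rewrite deny-list.
# Assumptions: Apache 2.4 (mod_authz_core); hypothetical document root below.

# TRACE cannot be restricted with <Limit>/<LimitExcept>; it is controlled by
# TraceEnable, which is valid in server or virtual host config only (not
# .htaccess). With it off, TRACE requests get 405 Method Not Allowed.
TraceEnable off

<Directory "/var/www/example">
    # Every method NOT named here is denied with 403 Forbidden.
    # Method names are case-sensitive. Naming GET also covers HEAD,
    # so HEAD stays allowed here, unlike the rewrite rule above.
    <LimitExcept GET POST>
        Require all denied
    </LimitExcept>
</Directory>

# .htaccess variant: place only the <LimitExcept> block in the file.
# The enclosing configuration must permit it via AllowOverride
# (AuthConfig or Limit); otherwise Apache rejects the directive.
```

Because this is an allow-list, methods added to the server later (for example by a new module) are denied unless they are named explicitly, whereas the rewrite rule only blocks the methods it lists.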