Re: Issue with HTTP methods (DELETE,PUT) not being accepted (returning 405 Method not allowed)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I ended up figuring this out and I thought I would respond to my original message to let anyone know who stumbles on this what the problem was.

Apache does not want to send arbitrary HTTP request methods to regular files. Sending a "DELETE" or "PUT" to a regular file in a document root will end up with a "405 Method not allowed", even if the method is "Allow"d (e.g. "Allow from all"... We're kind of overloading the term "Allowed" here!). That is, unless you're using dav/dav_fs, which isn't what I'm trying to do here. If the document being processed is a script, like PHP, Apache is normally willing to forward the request to the file with the REQUEST_METHOD populated.

The issue comes down to how Apache integrates with PHP. In my case, under Ubuntu 12.04, there were two packages:

libapache2-mod-php5 and libapache2-mod-php5filter

I had accidentally installed the "libapache2-mod-php5filter" package, which integrates with Apache using the following lines:

SetInputFilter PHP
SetOutputFilter PHP

These functions are specifically geared toward GET (Output) & POST (Input) operations and don't instruct Apache to pass all request methods to PHP. For all other request methods, Apache treats the .php file as a standard file. I uninstalled libapache2-mod-php5filter and installed libapache2-mod-php5, which integrates with:

<FilesMatch "\.ph(p3?|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>

The SetHandler accepts all request methods, including the PUT & DELETE I was trying to get working. Hope this helps someone out there.


On Thu, Aug 23, 2012 at 1:59 PM, Scott Bigelow <epheph@xxxxxxxxx> wrote:
I am having an issue with Apache/2.2.22 on Ubuntu 12.04, migrating service from an older system, Apache/2.2.3 on CentOS. We make use of PHP to serve RESTful requests, but I do not believe this is a PHP issue, since the issue is present even when not calling a PHP script.

On the old server, it will accept any HTTP Method (specifically, PUT and DELETE are desired).

On the new server, I cannot get it to recognize any method other than GET, POST, OPTIONS, and HEADER. Here is my very simple block:

        <Directory "/var/www">
                Options FollowSymLinks
                AllowOverride None
                Order allow,deny
                allow from all
                <Limit DELETE GET>
                Order allow,deny
                Allow from all
                </Limit>
        </Directory>

Even with this stanza, "curl -X DELETE URL" returns a "405 Method not allowed".  When I change "Allow from all" to "Deny from all" in the <Limit>, it returns a 403 instead, so I know the block is effective for this request. Is there some other part of Apache which is preventing the DELETE method? Thanks for taking the time to read through my issue,
-Scott


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux