
My server returns 405 Method Not Allowed when I send a request over HTTPS with the HTTP method DELETE, but the same request over HTTP is OK. Can anyone please help?

Server environment: Apache 2.4.29, DirectAdmin 1.52.1, OS: CentOS release 6.9 (Final)

Thanks

Added error log: [Wed Jan 03 11:57:38.331926 2018] [allowmethods:error] [pid 8569] [client 171.97.62.152:59633] AH01623: client method denied by server configuration: 'DELETE' to /home/------/domains/------.com/private_html/

Singha
  • What resource are you making a request to? Are you sure it supports the DELETE method? –  Jan 02 '18 at 07:39
  • I tested using "Rest Web Service Client", a Chrome add-on, and also using the Apple Wallet application – Singha Jan 03 '18 at 04:56

1 Answer


The sure way to fix this is to learn why Apache denies the requests in your particular case. You can learn this from its error logs.

In my case, tail -f /usr/local/apache/logs/error_log

gave this:

[Tue 2 08:39:52.570672 2018] [:error] [pid 32076:tid 140086307448576] 
[client 93.125.93.77] ModSecurity: Access denied with code 501 (phase 2). 
Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" 
required. [file "/usr/local/apache/conf/modsec-imh/01_base_rules.conf"] [line 
"32"] [id "960032"] [msg "Method is not allowed by policy"] [severity 
"CRITICAL"] [tag "POLICY/METHOD_NOT_ALLOWED"] [hostname "104.244.122.237"] 
[uri "/products/order/items/45"] [unique_id "V96LGGj0eu0AAH1MR8sAAACB"]

It mentions a security rule and the file it's coming from:

/usr/local/apache/conf/modsec-imh/01_base_rules.conf. Editing that file solved my problem smoothly.

Prabhat Singh
  • This is the error log: [Wed Jan 03 11:57:38.331926 2018] [allowmethods:error] [pid 8569] [client 171.97.62.152:59633] AH01623: client method denied by server configuration: 'DELETE' to /home/------/domains/------.com/private_html/ – Singha Jan 03 '18 at 04:59
  • Okay, so you are getting error AH01623. I am pretty sure it must be version 2.4 or above. We need to make some changes; I can give you an example below, and please let me know if it doesn't work. In my case, I had the following configuration in httpd.conf, which was working without any problem until the upgrade: # vi httpd.conf Alias /server/ "/home/myapp/server/" Options Indexes MultiViews AllowOverride None Order deny,allow Allow from all So, after I added “Require all granted”, it started working properly. – Prabhat Singh Jan 03 '18 at 06:21
  • So, keep the following in mind: remove any “Order deny,allow”, “Order allow,deny”, and related lines; replace “Deny from all” with “Require all denied”; replace “Allow from all” with “Require all granted”. If you are allowing any specific hostname, change it accordingly. For example, replace “Allow from 192.168.1.2” with “Require host 192.168.1.2”. – Prabhat Singh Jan 03 '18 at 06:26
  • You can follow this official document, http://httpd.apache.org/docs/2.4/upgrading.html#run-time; it will surely help you. If there is any further issue, please also share your configuration file details with me. I am glad to help you. – Prabhat Singh Jan 03 '18 at 06:32
  • Because I am not an expert in server administration, I am not sure whom httpd.conf belongs to (the OS or the user/domain). First I looked at the httpd.conf of the user/domain. I added "Require all granted" after "Options -ExecCGI" in ... ... but it does not work. If possible, please add me on Skype: limparty, so I can share my screen with you easily. – Singha Jan 03 '18 at 07:56
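
Added example, not part of the original thread: the two error-log entries quoted on this page come from different layers (`allowmethods` with AH01623 in the question, ModSecurity rule 960032 in the answer), and this Python script tells them apart so it is clear which configuration refused the method. The function names and the third log entry are constructed for illustration.

```python
import re

# Error-log entries quoted on this page (the answer's entry joined onto one line).
SAMPLE_LOG = [
    "[Wed Jan 03 11:57:38.331926 2018] [allowmethods:error] [pid 8569] "
    "[client 171.97.62.152:59633] AH01623: client method denied by server "
    "configuration: 'DELETE' to /home/------/domains/------.com/private_html/",
    '[Tue 2 08:39:52.570672 2018] [:error] [pid 32076:tid 140086307448576] '
    '[client 93.125.93.77] ModSecurity: Access denied with code 501 (phase 2). '
    'Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" '
    'required. [file "/usr/local/apache/conf/modsec-imh/01_base_rules.conf"] '
    '[line "32"] [id "960032"] [msg "Method is not allowed by policy"] '
    '[severity "CRITICAL"] [tag "POLICY/METHOD_NOT_ALLOWED"] '
    '[hostname "104.244.122.237"] [uri "/products/order/items/45"] '
    '[unique_id "V96LGGj0eu0AAH1MR8sAAACB"]',
    # Constructed entry, not from the page: unrelated noise that must be ignored.
    "[Wed Jan 03 12:00:01.000000 2018] [example:error] [pid 1] "
    "[client 192.0.2.1:1] unrelated message",
]

MODULE = re.compile(r"^\[[^\]]*\] \[(\w*):\w+\]")          # "[module:level]" field
AH01623 = re.compile(r"AH01623: .*?: '(?P<method>[^']+)' to (?P<path>\S+)")
MODSEC_FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')          # [key "value"] pairs
MODSEC_RX = re.compile(r'Match of "rx (.*?)" against "REQUEST_METHOD"')


def triage(line):
    """Name the layer that refused the HTTP method, or return None."""
    module = MODULE.match(line)
    denied = AH01623.search(line)
    if module and module.group(1) == "allowmethods" and denied:
        return {"layer": "mod_allowmethods", "method": denied["method"],
                "where": denied["path"]}
    rx = MODSEC_RX.search(line)
    if "ModSecurity: Access denied" in line and rx:
        f = dict(MODSEC_FIELD.findall(line))
        return {"layer": "ModSecurity", "rule_id": f.get("id"),
                "where": f"{f.get('file')}:{f.get('line')}",
                "allow_rx": rx.group(1)}
    return None


def rule_permits(allow_rx, method):
    """True if the method matches the allow-list regex logged by the rule."""
    return re.search(allow_rx, method) is not None


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry))
```

For the ModSecurity entry, `rule_permits(result["allow_rx"], "DELETE")` shows that the rule's own allow-list covers only POST, GET, OPTIONS and HEAD.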