Hi team! I am getting crazy with this one: Trying to enable PUT and DELETE http methods. Apache 2.4, allowMethods module enabled and correct command in apache-conf: <Directory /var/www/> Options Indexes FollowSymLinks AllowOverride None AllowMethods GET HEAD POST PUT DELETE OPTIONS Require all granted </Directory> Restarted apache and tested with "curl -i -X OPTIONS localhost" but only "HEAD,GET,POST,OPTIONS" are allowed. Tested with serveral conditional commands also put in .htaccess but no success. Might it be possible, that some setting in ISPConfig is preventing this from working? Thx a lot for your valued help on this. Best, Johannes
Thank you, Till. That was important info. But maybe one of our members has got a tip for me, what I might have possibly overseen. As I said, I would be really grateful for any help. Best, Johannes
I'm getting crazy. I now tried any possible way to enable PUT and DELETE methods in Apache config, .httaccess and even the website-vhost configfiles. And still my server tells me, PUT, DELETE methods not allwed. And I cannot find anything about such a case in the net. All the solutions offered there, I have already tried. What can I do? I am at the end of my wisdom.
Hi Jesse, I checked the logs but didn't get any valuable infos. I just installed mod_security, due to you mentioning it, and enabled it but never used it so far. The modsecurity.conf is "SecRuleEngine DetectionOnly" at the moment as it comes default with a fresh mod_security installation. How can I use it to maybe detect, where the problem might be?
I guess @Jesse Norell did mention mod_security because it might be the cause of your issue and not to install it.
Ok, thx, I deactivated mod_security again. The only log entry I get/find, when I send, eg. a PUT request is in "access.log" and looks like this: Code: 93.244.157.67 - - [25/Mar/2021:15:13:16 +0100] "PUT /wp-admin/js/user-profile.min.js?ver=5.7 HTTP/1.1" 405 2620 "https://leaderclub.network/login/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" I cannot read anything out of this but maybe you can.
Anyhow, the primary question is, where (in which config file) do I need to enable PUT and DELETE requests and with which command syntax. I have tried every possible method I found but no success. Also in php.ini I took away any disable_functions, so PHP also allows everything. Also tried to put the respective method allowance in .htaccess of the web-folder of the respective site. Nothing... Maybe Ubuntu 20.04 and Apache 2.4.41 have some secret setting in addition to the standard conf, which blocks PUT and DELETE?
I would guess it's wordpress that is returning that error. Try creating a test site with a simple php site that simple saves phpinfo() output to a temp file or similar, then make a PUT call to it. (I don't know if it's valid to return phpinfo() output from a PUT, but you could try that.) If you get a return code 200, PUT is working fine.
Now, I set up a test site and made php issuuing a PUT command, but it was the same result there. There wasn't any output than "ERROR 405 - Method Not Allowed!" Couldn't be any other way, because a "curl -i -X OPTIONS localhost" from command line shows "Allow: HEAD,GET,POST,OPTIONS". I don't know what to do anymore.
Just to repeat. That's my config: apache2.conf: <Location /> AllowMethods GET POST OPTIONS DELETE PUT Require all granted </Location> .htaccess (website root): # ALLOW ONLY NECESSARY REQUEST METHODS RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|OPTIONS|POST|PUT|DELETE) [NC] RewriteRule .* - [F,L] <Limit GET POST PUT DELETE OPTIONS HEAD> Allow from all </Limit> And, yes.... I've restarted apache2 serveral times. What do I overlook? PS: I also inserted the apache directives in the "Apache Directives" field in the website config of the site (see attached screenshot). Also no use.