Cannot enable PUT, DELETE http methods

Discussion in 'ISPConfig 3 Priority Support' started by decentris, Mar 24, 2021.

  1. decentris

    decentris Member HowtoForge Supporter

    Hi team!

    I am getting crazy with this one:

    Trying to enable PUT and DELETE http methods.

    Apache 2.4, allowMethods module enabled and correct command in apache-conf:

    <Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    AllowMethods GET HEAD POST PUT DELETE OPTIONS
    Require all granted
    </Directory>

    Restarted apache and tested with "curl -i -X OPTIONS localhost" but only "HEAD,GET,POST,OPTIONS" are allowed.
    Tested with serveral conditional commands also put in .htaccess but no success.

    Might it be possible, that some setting in ISPConfig is preventing this from working?

    Thx a lot for your valued help on this.

    Best,
    Johannes
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no setting in ISPConfig for that and we do not block PUT and DELETE in the default config.
     
  3. decentris

    decentris Member HowtoForge Supporter

    Thank you, Till. That was important info.

    But maybe one of our members has got a tip for me, what I might have possibly overseen.

    As I said, I would be really grateful for any help.

    Best,
    Johannes
     
  4. decentris

    decentris Member HowtoForge Supporter

    I'm getting crazy. I now tried any possible way to enable PUT and DELETE methods in Apache config, .httaccess and even the website-vhost configfiles. And still my server tells me, PUT, DELETE methods not allwed.

    And I cannot find anything about such a case in the net. All the solutions offered there, I have already tried. What can I do? I am at the end of my wisdom. :(
     
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I assume you have checked the logs for errors? Do you have mod_security in use?
     
  6. decentris

    decentris Member HowtoForge Supporter

    Hi Jesse,

    I checked the logs but didn't get any valuable infos.

    I just installed mod_security, due to you mentioning it, and enabled it but never used it so far. The modsecurity.conf is "SecRuleEngine DetectionOnly" at the moment as it comes default with a fresh mod_security installation.

    How can I use it to maybe detect, where the problem might be?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess @Jesse Norell did mention mod_security because it might be the cause of your issue and not to install it.
     
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Correct.

    What do your logs show, just the various requests returning 405 code?
     
  9. decentris

    decentris Member HowtoForge Supporter

    Ok, thx, I deactivated mod_security again.

    The only log entry I get/find, when I send, eg. a PUT request is in "access.log" and looks like this:

    Code:
    93.244.157.67 - - [25/Mar/2021:15:13:16 +0100] "PUT /wp-admin/js/user-profile.min.js?ver=5.7 HTTP/1.1" 405 2620 "https://leaderclub.network/login/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"
    I cannot read anything out of this but maybe you can.
     
  10. decentris

    decentris Member HowtoForge Supporter

    Anyhow, the primary question is, where (in which config file) do I need to enable PUT and DELETE requests and with which command syntax.

    I have tried every possible method I found but no success. Also in php.ini I took away any disable_functions, so PHP also allows everything. Also tried to put the respective method allowance in .htaccess of the web-folder of the respective site. Nothing...

    Maybe Ubuntu 20.04 and Apache 2.4.41 have some secret setting in addition to the standard conf, which blocks PUT and DELETE?
     
  11. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I would guess it's wordpress that is returning that error. Try creating a test site with a simple php site that simple saves phpinfo() output to a temp file or similar, then make a PUT call to it. (I don't know if it's valid to return phpinfo() output from a PUT, but you could try that.) If you get a return code 200, PUT is working fine.
     
  12. decentris

    decentris Member HowtoForge Supporter

    Now, I set up a test site and made php issuuing a PUT command, but it was the same result there. There wasn't any output than "ERROR 405 - Method Not Allowed!"

    Couldn't be any other way, because a "curl -i -X OPTIONS localhost" from command line shows "Allow: HEAD,GET,POST,OPTIONS".

    I don't know what to do anymore.
     

    Attached Files:

    • 405.jpg
      405.jpg
      File size:
      86.3 KB
      Views:
      1
  13. decentris

    decentris Member HowtoForge Supporter

    Just to repeat. That's my config:

    apache2.conf:

    <Location />
    AllowMethods GET POST OPTIONS DELETE PUT
    Require all granted
    </Location>

    .htaccess (website root):

    # ALLOW ONLY NECESSARY REQUEST METHODS
    RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|OPTIONS|POST|PUT|DELETE) [NC]
    RewriteRule .* - [F,L]

    <Limit GET POST PUT DELETE OPTIONS HEAD>
    Allow from all
    </Limit>

    And, yes.... I've restarted apache2 serveral times.

    What do I overlook?

    PS: I also inserted the apache directives in the "Apache Directives" field in the website config of the site (see attached screenshot). Also no use.
     

    Attached Files:

    Last edited: Mar 26, 2021

Share This Page