client method denied by server configuration
- Thread starter floyd
- Start date
Richard G
Verified User
New server?
Seems nowadays in options.conf the httpd methods are set to:
by default, so you might need to change that.
Try this:
Seems nowadays in options.conf the httpd methods are set to:
http_methods=GET:HEAD:POSTby default, so you might need to change that.
Try this:
Code:
cd /usr/local/directadmin/custombuild
./build set http_methods ALL
./build rewrite_confs2024 11 01:
# ./build set http_methods ALL
http_methods is not a valid option.
Also tried
da config-get http_methods
unknown config option "http_methods"
da build set http_methods ALL
http_methods is not a valid option.
Currently I am seeing 405 Apache errors (method not allowed) on a DELETE request method.
AH01623: client method denied by server configuration: 'DELETE'
How do I tell Apache to accept it?
Elsewhere in this forum it was stated it is by default 'all', however the question is since when
I also see people referring to https://help.directadmin.com/item.php?id=700
however that redirect is wrong, it goes to nginx and I need it for Apache.
When I go to https://docs.directadmin.com/webservices/apache/customizing.html
There is no reference about request methods. Perhaps new installs have them all switched on by default, but how about changing this? Downgrade, or in my case, upgrade the number or total of request methods?
@fln Could you either update the link to id=700 so customers using Apache can as well find answers?
A short answer below my comment how to make Apache accept all methods would be appreciated and helps future searches.
# ./build set http_methods ALL
http_methods is not a valid option.
Also tried
da config-get http_methods
unknown config option "http_methods"
da build set http_methods ALL
http_methods is not a valid option.
Currently I am seeing 405 Apache errors (method not allowed) on a DELETE request method.
AH01623: client method denied by server configuration: 'DELETE'
How do I tell Apache to accept it?
Elsewhere in this forum it was stated it is by default 'all', however the question is since when
I also see people referring to https://help.directadmin.com/item.php?id=700
however that redirect is wrong, it goes to nginx and I need it for Apache.
When I go to https://docs.directadmin.com/webservices/apache/customizing.html
There is no reference about request methods. Perhaps new installs have them all switched on by default, but how about changing this? Downgrade, or in my case, upgrade the number or total of request methods?
@fln Could you either update the link to id=700 so customers using Apache can as well find answers?
A short answer below my comment how to make Apache accept all methods would be appreciated and helps future searches.
- Joined
- Aug 30, 2021
- Messages
- 1,123
Command
da build rewrite_confs will rebuild apache configs to not block HTTP methods. Old CB used to block HTTP methods in /etc/httpd/conf/extra/httpd-directories.conf with AllowMethods directive.
Code:
diff --git a/custombuild/configure/ap2/conf/extra/httpd-directories.conf b/custombuild/configure/ap2/conf/extra/httpd-directories.conf
--- a/custombuild/configure/ap2/conf/extra/httpd-directories.conf
+++ b/custombuild/configure/ap2/conf/extra/httpd-directories.conf
@@ -1,7 +1,6 @@
<Directory />
AllowOverride All
Options All -MultiViews -Indexes +SymLinksIfOwnerMatch +IncludesNoExec +Includes
- AllowMethods |HTTP_METHODS|
</Directory>Mine shows (left out extra llines to focus on the directory)
# cat ./configure/ap2/conf/extra/httpd-directories.conf
# cat ./configure/ap2/conf/extra/httpd-directories.conf
<Directory />
AllowOverride All
Options All -MultiViews -Indexes +SymLinksIfOwnerMatch +IncludesNoExec +Includes
</Directory>
Include /etc/httpd/conf/extra/httpd-hostname.conf
<Directory /var/www/cgi-bin>
AllowOverride None
Options None
Require all granted
</Directory>
In some of the comments on the forums I saw they added a reset statement there. But of there is no limitation on the request methods that should not be needed either.
Where go I go from here? It is clearly Apache doing this. Comodo WAF is not in the picture here even though it is running. I already added an exclusion for DELETE,PATCH,PUT (what is needed) and the error log shows no ModSecure lines so that is fine.
# cat ./configure/ap2/conf/extra/httpd-directories.conf
# cat ./configure/ap2/conf/extra/httpd-directories.conf
<Directory />
AllowOverride All
Options All -MultiViews -Indexes +SymLinksIfOwnerMatch +IncludesNoExec +Includes
</Directory>
Include /etc/httpd/conf/extra/httpd-hostname.conf
<Directory /var/www/cgi-bin>
AllowOverride None
Options None
Require all granted
</Directory>
In some of the comments on the forums I saw they added a reset statement there. But of there is no limitation on the request methods that should not be needed either.
Where go I go from here? It is clearly Apache doing this. Comodo WAF is not in the picture here even though it is running. I already added an exclusion for DELETE,PATCH,PUT (what is needed) and the error log shows no ModSecure lines so that is fine.
- Joined
- Aug 30, 2021
- Messages
- 1,123
Seems your issue have nothing to do with the deprecated CustomBuild
http_methods feature. Please note that ./configure/ap2/conf/extra/httpd-directories.conf config file is used by CustomBuild when it installs or reconfigures apache. Live apache configs (used by the running service) lives in /etc/httpd directory.