Apache ошибка 405

Когда на сайт пытается попасть человек, а вместо искомого контента натыкается на ошибку, то важно выяснить, что это за ошибка и почему она посмела явиться в столь неподходящий (а это любой) момент.

Благо у нас есть замечательные коды 4хх и 5хх, хоть и не так подробно, как хотелось бы, но рассказывающие о том, почему возникла ошибка. Ну а мы, зная эту информацию, можем попытаться ошибку исправить. 

В этом материале речь пойдет об ошибке 405 Method Not Allowed. В деталях опишу проблему и расскажу, как ее побороть.

Что означает код ошибки сервера 405?

Код 405 Method Not Allowed говорит нам о том, что сервер получил определенный запрос с заданным HTTP-методом, смог его распознать, но не дает добро на его реализацию. То есть пользователь не получит доступ к контенту, который запросил.

В отличие от 404, 405 уточняет, что запрашиваемая страница существует и функционирует. Только вот стоит изменить используемый в HTTP-запросе метод. Иначе ничего не выйдет. 

Из-за чего я вижу эту ошибку?

Есть 9 HTTP-методов, которые используются браузерами для общения с серверами. Из них два задействуются чаще остальных. Это метод GET для запроса информации с ресурса и метод POST для передачи какой-нибудь информации на ресурс. Два метода покрывают почти все существующие сценарии взаимодействия клиента и сервера от запроса статьи до отправки логина и пароля на сайт. Так как они выполняют разные задачи, для сервера нет никакой нужды принимать GET для авторизации на сайте или POST для загрузки данных. Если же клиент так делает и отправляет некорректный запрос (не с тем методом, который должен быть), то сервер ответит ему ошибкой. То же произойдет, если ресурс будет настроен так, что не сможет принимать специфичный набор запросов, не попадающих в «стандарт». Такие дела.

Как исправить 405 Method Not Allowed?

Ок, небольшой ликбез провел, теперь расскажу о том, что можно предпринять, чтобы исправить обнаруженную ошибку и вернуть посетителям доступ к сайту. 

Что может сделать пользователь?

Ошибка Method Not Allowed под номером 4хх вроде бы говорит о вине клиента. Но несмотря на это, пользователь мало что может сделать, чтобы устранить проблему. В его компетенции только убедиться в том, что он не допустил ошибку в базовых вещах, и попробовать повторить те же действия в надежде на успех.

Заново открыть ту же страницу

Иногда 405 Method Not Allowed может исчезнуть после перезагрузки страницы. Так что перед тем как принимать сложные решения и жаловаться на владельцев сайта, нажмите F5 или Cmd + R раза два. 

Проверить, правильно ли он ввел URL-адрес

Несложная задача, но полезная. Как и в случае с кучей других ошибок, 405 может явиться из-за банальной опечатки или лишнего символа. К тому же многие серверы защищены таким образом, чтобы напрочь блокировать доступ к несуществующим страницам или каким-либо подуровням (в которые человек может пытаться залезть неслучайно). 

Так что пользователю стоит заглянуть в адресную строку браузера и убедиться в корректности введенной ссылки. Если что-то нет так, то лучше открыть главную страницу сайта и искать нужную информацию там, а не пытаться попасть на нее, вводя адрес вручную. 

Что может сделать владелец сайта?

Как это часто бывает, у сервера гораздо больше способов исправить клиентскую ошибку. Тут реально целый ворох решений: от удаления подозрительных компонентов из CMS до редактирования конфигурационных файлов. 

Проверить настройки сервера

Тут будут инструкции для владельцев сайтов на базе Apache и Nginx в Timeweb. Понятно, что есть другие варианты конфигураций, но эти два — чуть ли стандарт, использующийся повсеместно. А информация, касающаяся конкретно Timeweb, заденет только расположение файлов и работу с панелью управления хостинга. Остальные моменты универсальны. 

Инструкция для пользователей Apache

Наша задача состоит в том, чтобы в файле .htaccess найти записи, которые могут провоцировать появление ошибки 405. А потом их закомментировать или удалить. Чтобы это сделать:

• Открываем панель управления Timeweb.
• Ищем внутри вкладку «Файловая система» и переходим на нее.
• Открываем файл .htaccess.
• Внутри .htaccess ищем директивы Rewrite… (обычно это RewriteEngine, RewriteCond и RewriteRule).

Эти директивы помогают в настройке переадресации и некоторых других аспектах поведения сервера. Например, чтобы заставить сервер отправлять клиенту ошибку на каждый запрос GET, можно ввести такой код:

RewriteEngine on 
RewriteCond %{REQUEST_URI} ^/ru/services/?.$ 
RewriteCond %{REQUEST_METHOD} =GET 
RewriteRule ^(.)$ http://timeweb/ru/new$1 [R=405,L]

За появление ошибки отвечает запись [R=405,L]. То есть в настройках указано, как себя будет вести сервер при определенном запросе. Надо найти все такие директивы и закомментировать их, поставив # перед записью.

Инструкция для пользователей Nginx

Здесь нужно сделать примерно то же. Разница в том, как выглядит файл с настройками и в его расположении. 

• Ищем файл nginx.conf по пути /usr/local/nginx/conf или /usr/local/etc/nginx.
• Открываем его любым текстовым редактором.
• Находим код, включающий в себя упоминание ошибки 405.

В Nginx код выглядит немного сложнее. Например, запрос метода для ссылки https://moysait.com/ru/services/create будет выглядеть так:

server { listen 80; listen 443 ssl;

server_name moysait.com;

location /users/create { if ($request_method = POST) { return 405 https://moysait.com/services/create$request_uri; } } }

Делаем ту же процедуру. Останавливаемся везде, где находим директиву с ошибкой 405. Анализируем ее (вдруг, она тут случайно). И при необходимости комментируем или удаляем.

Исправить проблемы, связанные с PHP-скриптами

Ошибки могут возникнуть при попытке импортировать или экспортировать слишком объемную базу данных. На хостинге может быть установлено ограничение в полминуты, запрещающее использовать один PHP-скрипт дольше этого времени. Поэтому, если процесс затянется, сервер может отозваться ошибкой 405.

Обойти ограничение можно тремя путями:

• Попробовать экспортировать БД через phpMyAdmin.
• Разбить файл БД на несколько мелких частей, передача каждого из которых займет меньше 30 секунд.
• Использовать для передачи БД Cron-задачу. На них сервер выделяет больше времени.

Еще специалисты рекомендуют удалить статические файлы с разрешением, которые Nginx обрабатывать не должен. Это делается через панель управления хостингом в соответствующем разделе файлового менеджера.

Исправить эксклюзивные для Nginx ошибки

Как мы уже выяснили выше, ошибка может возникнуть при попытке использовать неподходящий метод. Вот как можно исправить это в случае с Nginx-сервером.

Первый вариант — убедить сервер в том, что вместо кода 405 надо отправлять код 200, и это вполне нормально:

server { 
   listen 80; 
   server_name localhost;
location / { 
   root html; 
   index index.html index.htm; } 
error_page 404 /404.html; 
  error_page 403 /403.html; 
error_page 405 =200 $uri;

…

}

Для тех, у кого Nginx-сервер — это proxy, понадобится вот такой код:

error_page 405 =200 @405; 

location @405 { root /htdocs; proxy_pass http://localhost:8080; }

Аналогичная ошибка возникает при работе с модулем FastCGI. Из-за него сервер неправильно считывает запросы с методом POST, поэтому необходимо делить параметры и адрес скрипта вот так:

location ~.php(.*) {
 fastcgi_pass 127.0.0.1:9000;
 fastcgi_split_path_info ^(.+.php)(.*)$;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
 include /etc/nginx/fastcgi_params;
}

Далее речь пойдет об общих методах диагностики и исправления ошибок. На крайний случай, если конкретные решения не помогли.

Проанализировать все недавние изменения в коде

Если недавно что-то поменяли, а после этого все сломалось, то надо это «поменяли» рассмотреть подробнее. Провести ручной дебаггинг, если можно это так назвать. Наверняка где-то затесалась несерьезная, но обидная ошибка. 

Удалить сторонние дополнения для CMS

Если вы используете условный WordPress, то разного рода ошибки могут подкрасться оттуда, где их не ждешь. Например, после установки нового расширения. 

Так что при подозрении на наличие сбойного дополнения, лучше попробовать от него избавиться и посмотреть, что будет. Возможно, ошибка исчезнет. 

После этого уже можно будет поискать альтернативное расширение или пообщаться с разработчиками по поводу того, почему вообще возникает сбой.

Главное, не забудьте сделать резервную копию CMS перед тем, как что-то удалять и менять. И продолжайте делать бэкапы после, чтобы всегда можно было восстановить рабочую версию сайта.

Откатиться на более старую версию CMS

Бывает так, что сама CMS несет в себе баги и ошибки. Ну или криво установилась. В таком случае можно восстановиться из старой резервной копии и откатиться на одну или несколько версий в прошлое. Когда все работало без ошибок.

Проверить новые записи в базе данных

Расширения могут вносить изменения в базу данных сайта. Иногда не очень полезные. Надо проверить, не появилось ли после установки свежего дополнения каких-либо непрошенных изменений в базе данных. Может, появились подозрительные записи, которых не должно быть. Лучше подвергнуть анализу всю БД от начала до конца (если другие методы исправления ошибки 405 не помогли, конечно).

На этом будем заканчивать. Мы и так уже перешли на самые маловероятные способы исправления этой ошибки. Надеюсь, они не понадобятся, но знать о таких вариантах стоит. Вдруг эти знания когда-нибудь спасут вас и посетителей вашего сайта.

I recently discovered that when I make a PUT request to Apache to a file or directory that does not exist I get a 405 Method Not Allowed error instead of a 404 Not Found error. I am curious as to why?

PUT request from curl:

curl -i -X PUT -d '{"var":"val"}' "http://server/doesNotExist.htm"

Response from server:

HTTP/1.1 405 Method Not Allowed
Date: Sat, 16 Dec 2017 03:31:18 GMT
Server: Apache/2.2.15 (CentOS)
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 316
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method PUT is not allowed for the URL /doesNotExist.htm.</p>
<hr>
<address>Apache/2.2.15 (CentOS) Server at xxx.xxx.xxx.xxx Port 80</address>
</body></html>

When making a call to a directory that does not exist, I get the same 405 error instead of the expected 404. I am running Apache 2.2.15 on CentOS 6.9 with PHP 5.6.31. The httpd.conf file has not been modified.

What is Apache doing? Is there any way to make it return a 404 instead of the 405 if a file does not exist?

UPDATE:

When making a PUT request to a file that does exist I get a 200 OK.

HTTP/1.1 200 OK
Date: Sat, 16 Dec 2017 04:38:21 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.31
Content-Length: 2742
Connection: close
Content-Type: text/html; charset=UTF-8

<content of file here>

UPDATE 2:

I noticed that if I make a PUT request to a .php file that does not exist i.e. «doesnotexist.php» I get a 404. If I make a PUT request to a .htm file i.e. «doesnotexist.htm» or to a directory i.e. «http://server/doesnotexist» I get a 405.

Are you experiencing a 405 Method Not Allowed error? Let’s dive into the causes and fixes for this HTTP error.

HTTP errors can be confusing and cryptic, but are important for developers to sort out quickly when they learn users are having issues accessing parts of their web applications. Users have very short attention spans and will take their time (and money) elsewhere if your application starts throwing errors and preventing proper usage.

You should maintain an accessible and easy-to-use contact page on your application, so that users can report bugs and issues. If you are an end-user, trying to access a website, and happen upon this error, you don’t have many options. See the first solution for the only option for an end-user to solve the problem. Beyond that option, contacting the website administrator to let them know about the problem and error code is extremely useful and much appreciated.

HTTP status codes are broken into five main classes, with the first digit identifying the class and the two following digits identifying the specific status code:

• informational (1xx)
• successful (2xx)
• redirection (3xx)
• client errors (4xx)
• server errors (5xx)

There are over 50 status codes that can interact, and parsing out the reason a specific code is thrown is rarely straightforward. Depending on the server your website is using, the HTTP message may vary, but 405 should be clearly stated somewhere in the error. First, let’s take a closer look at what HTTP methods are.

HTTP Methods

Without being too technical, HTTP (Hypertext Transfer Protocol) works by sending a request to the intended server and then returning a response to the client-side. HTTP methods tell the server what it needs to send or do. The two most common HTTP methods are GET and POST. GET is used to retrieve data from the server without making any changes. When you search for a website or keyword on a website, you are using the GET HTTP method. POST is used to either add or update data, such as stored password or user information. When you create an account on an application, you are taking advantage of the POST Method. Other HTTP methods include HEAD, PUT, DELETE, CONNECT, TRACE, and OPTIONS.

What causes the ‘405 Method Not Allowed’ HTTP error?

These methods are specific enough that if a client attempts to send an incorrect HTTP Method, the ‘405 Method Not Allowed’ error may arise. For example, if a URL is intended to receive the GET method (a simple page with no special scenarios), but the client requests using the POST method, the server may fail to accept that POST request.

Since you are seeing a 405 Method Not Allowed error, this seems to point to a client error. Typically, this client error can be attributed to a content management system (CMS), but there are some server-side problems that can trigger this HTTP error as well.

Client-side Causes:

• Wrong URL used
• Incompatibilities following content management system modifications

Server-side Causes:

• Server Configuration issues
• Source code introduced bugs/errors

When troubleshooting and making changes to an application or website components, best practice at minimum requires an application backup. Preferably, you will do all updates and work on a secondary offline server for testing and staging. This will prevent any further damage to your original live application, allowing users to continue using the functioning parts of your website. At the same time, you will be able to take your time and test to your heart’s content, to assure all problems are resolved.

Client-side solutions

Wrong Requested URL

If you are an end-user, the user trying to access the website, then you have one option to solve this problem without getting a website administrator involved. If you have manually entered a specific URL, you may have introduced some errors. Double-check that the URL you are requesting is correct. If you cannot find the link to that section of the website from the main website, chances are, that the URL is not correct. Rarely do website administrators design stand-alone URLs for users to access.

As a website administrator, owner, or developer, if a user contacts you, try to determine the exact URL they are attempting to access. By collecting as much information as possible from the user, you can better understand what went on and the series of factors that might have contributed to the 405 Method Not Allowed HTTP error. If a user is trying to access a private or non-existent URL, you can direct them to the correct URL.

Content Management System Incompatibilities

Content management systems (CMS) are incredibly useful and common on the internet. Allowing new or hobby website administrators an easy way to manage their content. Content management systems handle the majority of the complicated back-end workings, providing administrators with more time to work on their valuable content.

At the same time, content management systems are highly customizable and if you have made changes to any source code, perhaps PHP, updates, themes, or otherwise, problems can arise. The most popular content management systems are WordPress, Drupal, and Joomla.

Revert to Previous version of CMS

If the unintended consequences of some customization have caused the ‘405 Method Not Allowed’ you should always be able to revert changes by rolling back to an earlier update. While most popular CMS are highly stable, you can downgrade to temporarily solve the problem. If you do end up rolling back a CMS update, this should not be a permanent move. The updates are intended to roll out important security and bug updates. Failing to update your CMS for an extended period of time can lead to even more unintended consequences.

• If you are downgrading WordPress, there are quite a few methods available. The easiest method is through a plugin called WP Downgrade. This allows you to avoid manually changing any files. Be sure to back up your site before starting a downgrade!
• If you want to downgrade Drupal, you may have some issues. Drupal’s modules (Composer, for example) can be downgraded, but Drupal core cannot. Before you make any changes to your CMS, it’s important to get in the habit of backing up your application.
• Joomla also does not allow downgrading. Joomla can only be reverted to an earlier update through the use of a back-up.

Uninstall Themes and Plugins

Extensions, themes, and plugins are a way to further customize your CMS and can be a great way to improve your productivity, application, and interface. Plugins and themes are usually created by the community and may be open-source or have an associated fee. Because they are not thoroughly tested by WordPress, Drupal, or Joomla, there can be bugs and incompatibilities.

How to delete a theme in WordPress:

1. Navigate to your WordPress admin dashboard, on the left-hand side select Appearance, then Themes.
2. Activate another WordPress theme, as you cannot delete a theme that you are currently using.
3. Hover over the theme you want to delete and select Theme Details. The Delete button will be in the bottom right-hand corner.

How to delete a theme in Drupal:

Drupal has two main theme designations, core or contributed. The core themes are included when Drupal is first installed and launched. Contributed themes are those you have installed yourself. These should be kept in separate file locations:

• Core: Drupal(root) > Themes > bartik, engines, garland, seven, stark
• Contributed Themes: Drupal (root)> Sites > All > Themes > yourthemes

To delete a specific theme, simply delete the entire directory folder for that theme:

1. From the Drupal site you can also navigate to the Manage tab, select Appearance, and then underneath the Installed Themes section find the theme you would like to remove.
2. Click Uninstall.

How to delete a theme in Joomla:

1. To permanently delete a theme in Joomla, access your Extension Manager.
2. Click on the Manage tab on the left-hand side, and check the box for the theme you’d like to remove. On the toolbar above, click Uninstall.

If a theme change was the cause of the ‘405 Method Not Allowed’ error, this should fix the problem.

How to uninstall WordPress plugins:

Plugins are a major component of WordPress and, thankfully, are easy to uninstall if any compatibility problems or bugs arise.

1. From the admin dashboard, navigate to the Plugin section and select Installed Plugins. From the list, locate the plugin you want to remove.
2. Click Deactivate and when the plugin refreshes, click Delete. Confirm that you want to delete that plugin, and click Yes, Delete These Files.

Check the Database

WordPress is especially susceptible to unintended database changes because of plugins. WordPress has no explicit protections for your database, against problematic plugins. Unless a developer codes the plugin permissions to specifically not edit your database, there is no protection against changes. Deleting the plugin that has edited your database and caused problems will unfortunately not reverse these changes. WordPress cautions inexperienced users from blindly making changes to their database. If you need assistance, you can contact WordPress and an engineer will reach out to assist you.

To access your database on WordPress:

1. On your admin dashboard, click My Sites, next find and click Settings, then Hosting Configuration.
2. Look for the Open phpMyAdmin button. A new tab will open and if you are not redirected, click the link towards your database.

1. Now you will want to check all the entries in your database tables and records. You should be able to see which records and tables were modified by the suspected extension.

Note: If you don’t have experience in managing databases, it’s best to ask for expert help to troubleshoot.

Server-side solutions

Debug Source Code

This solution will be difficult to work through if you have limited working knowledge of coding. Most major CMS use PHP on the backend. When you are having persistent ‘405 Method Not Allowed’ errors, you may need to manually check the source code of your site or application.

WordPress has a debugging feature that can help you find errors. To enable debugging:

1. Use either cPanel or FTP to access your web application’s files. In your root folder, locate wp-config.php and open this file for editing.

1. Search for the following code: (‘WP_DEBUG’,false);
2. Replace that line with the following code snippet:
   // Enable WP_DEBUG mode
   define( ‘WP_DEBUG’, true );
   
   // Enable Debug logging to the /wp-content/debug.log file
   define( ‘WP_DEBUG_LOG’, true );

   // Disable display of errors and warnings
   define( ‘WP_DEBUG_DISPLAY’, false );
   @ini_set( ‘display_errors’, 0 );

   // Use dev versions of core JS and CSS files (only needed if you are modifying these core files)
   define( ‘SCRIPT_DEBUG’, true );

3. This snippet saves a debug log to your files for you to view at your leisure. Save the file and you can reload your site. Access the same URL or repeat the process that triggered the ‘405 Method Not Allowed’ error. Now you can access your site files again and find a new debug log located at /wp-content/debug.log. With this added information, you should be able to determine the file path and other details on the error source.

Debugging for Joomla or Drupal:

Xdebug is a well-known debugging tool for PHP code. If you are using Joomla or Drupal, it may be best to download Xdebug. Download and setup can be a bit technical, so the following links can help you in that process for each CMS:

• Configuring Xdebug for Joomla
• Configuring Xdebug for Drupal

Check Server Configuration

Looking at your server configuration can give you insights into the HTTP request handling process. Most likely, your web application or site runs on Apache web server software or NGINX web server software. There are a few other possibilities, such as Node.js and Apache Tomcat.

To check your server’s configuration file:

1. Access your root directory, as in previous solutions, using FTP or cPanel.
2. Look for one of the following files:
   Apache server: .htaccess
   NGINX server: nginx.conf
3. Click whichever configuration file you find. Now you want to look for directives of either Rewrite rules (Apache) or those using 405 response code flags (NGINX).
4. Temporarily comment out those directives can check your website again to see if the error is resolved.

Server configuration files are not easy or simple to understand. If you are having issues and want further explanations or directions, look towards these resources, to get some in-depth information:

• Apache Server Configuration
• NGINX Server Configuration

405 Method Not Allowed HTTP error resolved

HTTP errors can be difficult to troubleshoot because they can be caused by a myriad of nonspecific causes. Finding the solution may take some trial and error, plus patience. HTTP errors are classed into 5 major categories to help differentiate the status codes. Knowing if the HTTP error is client-side or server-side can give you a better idea of where to start troubleshooting.

The ‘405 Method Not Allowed’ status code points toward a client-side issue, but some server-side solutions have been included to be thorough. Checking the URL should be the first solution when tackling this problem. If any recent changes were made to your web application or site, it’s important to roll those CMS changes back to rule that out as the problem. If using WordPress, the database should be checked because plugins can cause issues. Finally, if the client-side solutions don’t solve the error, move to the server-side solutions. These include checking the server configuration and debugging your source code.

Resolving the ‘405 Method Not Allowed’ HTTP error quickly will return your site to full functionality. This will prevent the loss of users and visitors that are likely to click away from your site when errors like this arise.

The 405 Method Not Allowed is an HTTP response status code indicating that the server received and recognized the specified request HTTP method, but the server rejected that particular method for the requested resource. This code response confirms that the requested resource is valid and exists, but the client has used an unacceptable HTTP method during the request.

Like most HTTP response codes — especially for those that indicate an error — it can be challenging to find the cause of a 405 Method Not Allowed response. 

In this article, we’ll examine the 405 Method Not Allowed in more detail. We’ll look at what might cause this message, along with a handful of tips for diagnosing and debugging the appearance of this error within your application. We’ll also examine popular content management systems (CMSs) for potential problem areas that could cause an unexpected 405 Method Not Allowed.

Server- or Client-Side?

All HTTP response status codes in the 4xx category are client error responses. This category contrasts with 5xx classification errors, such as the 503 Service Unavailable Error. These are server error responses. That said, the appearance of a 4xx error doesn’t necessarily mean the issue is on the client-side, where the “client” is the web browser or device being used to access the application. 

If you’re trying to diagnose an issue within your application, you can ignore most client-side code and components, such as HTML, cascading style sheets (CSS), client-side JavaScript, etc. This doesn’t apply solely to websites, either. Standard web applications power many smartphone apps that implement a modern-looking user interface.

On the other hand, this doesn’t entirely rule out the server as the actual cause of a 405 error. In some cases, the server may be mishandling requests. This could result in 405 code responses and other problematic traffic routing issues. We’ll explore some of these scenarios (and potential solutions) below. Be aware that, even though the 405 Method Not Allowed is considered a client error response, it doesn’t inherently mean we can rule out the client or the server as the culprit.

Start With a Thorough Application Backup

It is critical that you perform a complete backup of your application before attempting any fixes to the system. 

Even better, create a complete copy of the application onto a secondary staging server that isn’t active. This will give you a clean testing ground to test all potential fixes without threatening your live application.

Diagnosing a 405 Method Not Allowed

As discussed in the introduction, a 405 Method Not Allowed indicates that the user agent (the web browser, in most cases) has requested a valid resource using an invalid HTTP method. 

This could happen in a few different circumstances:

• The user agent accidentally sent an incorrect HTTP method
• The server is expecting only a handful of valid HTTP methods for the requested resource

Currently, there are nine possible HTTP methods, though some of them are far more prevalent than others. For example, the GET method handles most requests made on the Internet to retrieve data (i.e. “get” a page or resource). The POST method is the second-most common, and it’s typically used to send data to the server (such as login credentials).

Since each possible HTTP method has its own intended uses, it often doesn’t make sense for a server to accept requests using specific methods for particular resources. For example, a resource might exist at the URL https://airbrake.io/users/create, where the server creates a new user when valid credentials are sent via a POST HTTP method request. Therefore, it makes no sense for the server to accept a GET request at that resource/URL, so it may respond with a 405 Method Not Allowed code.

Troubleshooting on the Client-Side

Since the 405 response is a client error response code, it’s best to start troubleshooting any potential client-side issues. Here are a handful of tips to try on the browser or device giving you problems.

Check the Requested URL

The most common cause of a 405 Method Not Allowed is simply inputting an incorrect URL. As discussed before, many web servers will disallow access to improper URLs. 

This could be anything from trying to access a file directory via a URL to gaining access to a private page meant for other users. Double-check the exact URL returning the 405 Method Not Allowed error.

Debugging Common Platforms

If you’re running common software packages on the server responding with the 405 Method Not Allowed, you may want to look into the stability and functionality of those platforms. 

The most common content management systems (CMSs) — like WordPress, Joomla!, and Drupal — are typically well-tested. Once you start making modifications to the underlying extensions or PHP code, it’s easy to cause unforeseen issues resulting in a 405 error.

Troubleshoot some of these popular software platforms using the tips below.

Rollback Recent Upgrades

Suppose you recently updated the content management system before the 405 Method Not Allowed appeared. You may want to consider rolling back to the previous version you had installed when things were working fine. 

Similarly, any extensions or modules you may have recently upgraded can also cause server-side issues, so reverting to previous versions may also help. 

Simply Google “downgrade [PLATFORM_NAME] for assistance with this task.” In some cases, however, certain CMSs don’t provide a version downgrade capability, which indicates that they consider the base application and each new version released to be stable and bug-free. 

Uninstall New Extensions, Modules, or Plugins

New extensions, modules, and plugins within your CMS all serve the same purpose across every system: improving the capabilities and features of the platform beyond what it’s typically capable of out of the box. 

A word of caution: such extensions can take complete control of the system and make virtually any changes. As such, it may be wise to uninstall any new extensions if you suddenly see a 405 error. 

Check for Unexpected Database Changes

It’s worth noting that, even if you uninstall an extension through the CMS dashboard, this doesn’t guarantee that changes made by the extension will fully revert. This is particularly true for many WordPress extensions. Some of these extensions are given carte blanche within the application, including full access rights to the database. 

For example, some extensions modify database records that don’t “belong” to the extension itself but are instead created and managed by other extensions (or even the base CMS itself). The extension may not know how to revert alterations to database records, so it will ignore such things during uninstallation. 

Your best course of action is to open the database and manually look through records that the extension modified. 

Troubleshooting on the Server-Side

If you aren’t running a CMS application — or even if you are, but you’re confident the 405 Method Not Allowed error isn’t related to that — here are some additional tips to help you troubleshoot what might be causing the issue on the server-side of things.

Confirm Your Server Configuration

Your application is likely running on a server using one of these three popular webserver software: Apache, nginx, or Cloudflare. At the time of publication, these web servers make up over 86% of the world’s web server software! Check your configuration files for your web server software for unintentional redirect or request handling instructions.

Apache

To determine which web server your application uses, look for a key file. If your web server is Apache, look for an .htaccess file within the root directory of your website file system. 

For example, if your application is on a shared host, you’ll likely have a username associated with the hosting account. You can find the application root directory at the path of /home/<username>/public_html/, so the .htaccess file would be at /home/<username>/public_html/.htaccess.

Once you’ve located the .htaccess file, open it in a text editor. Look for lines that use RewriteXXX directives, which are part of the mod rewrite module in Apache. Covering exactly how these rules work is well beyond the scope of this article. However, the basic concept is that a RewriteCond directive defines a text-based pattern that is matched against entered URLs. Suppose a visitor requests a matching URL to the site. In that case, the RewriteRule directive that follows one or more RewriteCond directives is used to perform the actual redirection of the request to the appropriate URL.

For example, here is a simple RewriteRule that matches all incoming GET requests to https://airbrake.io/users/create and responds with a 405 Method Not Allowed error code:

RewriteEngine on

RewriteCond %{REQUEST_URI} ^/users/create/?.*$

RewriteCond %{REQUEST_METHOD} =GET

RewriteRule ^(.*)$ https://airbrake.io/users/new$1 [R=405,L]

Notice the R=405 flag at the end of the RewriteRule, which explicitly states that the response code should be 405. This indicates to user agents that the resource exists, but the provided HTTP method is not allowed. If you find any strange RewriteCond or RewriteRuledirectives in the .htaccess file that doesn’t belong, try temporarily commenting them out (using the # character prefix) and restarting your web server to see if this resolves the issue.

nginx

On the other hand, if your server is running on nginx, you’ll need to look for a completely different configuration file. By default this file is named nginx.conf. It’s located in one of a few common directories: /usr/local/nginx/conf, /etc/nginx, or /usr/local/etc/nginx. 

Once located, open nginx.conf in a text editor and look for directives that are using the 405 response code flag. For example, here is a simple block directive (i.e. a named set of directives) that configures a virtual server for airbrake.io and ensures that a POST request to https://airbrake.io/users/create fails and is responded with a 405 response code:

server { 

    listen 80;

    listen 443 ssl;    

    server_name airbrake.io;    

    location /users/create {

        if ($request_method = POST) {

            return 405 https://airbrake.io/users/create$request_uri;

        }

    }

}

Look through your nginx.conf file for any abnormal directives or lines that include the 405 flag. Comment out any abnormalities. Once that’s done, restart the server and see if the issue is resolved.

Configuration options for each different type of web server can vary dramatically. We’ll just list a few popular ones to give you some resources to look through:

• Apache
• Nginx
• Cloudflare
• IIS
• Node.js
• Apache Tomcat

Look Through the Logs

Nearly every web application will keep some form of server-side logs. Application logs are typically the history of what the application did, such as pages requested, connected servers, database results, etc. 

Server logs are related to the actual hardware running the application. Logs will often provide details about the health and status of all connected services or the server itself. 

Google “logs [PLATFORM_NAME]” if you’re using a CMS, or “logs [PROGRAMMING_LANGUAGE]” and “logs [OPERATING_SYSTEM]” if you’re running a custom application to get more information on finding the logs in question.

Debug Your Application Code or Scripts

If all else fails, it may be a problem in some custom code within your application. Manually debug your application and parse through application and server logs to diagnose where the issue may be coming from. Or, you can see the error in a manner of seconds using an error monitoring tool.

Airbrake’s error and performance monitoring software provides real-time error monitoring and automatic exception reporting for all development projects. In addition to this, Airbrake integrates with all popular languages and frameworks. Plus, Airbrake makes it easy to customize exception parameters, so you only gather the errors that matter.

See why so many of the world’s best engineering teams use Airbrake to revolutionize their exception handling practices and create your free dev account today. 

Note: We published this post in January 2018 and recently updated it in June 2022.