Web server that does not allow PUT and DELETE?

Question

I am trying to implement a REST protocol and have realized in trying to debug that my webserver is disallowing the PUT request.

I have tested and confirmed this further by running: curl -X PUT http://www.mywebserver.com/testpage

which for my web server gives back a 403 - Forbidden error

The same happens for DELETE, where as for POST and GET everything is fine.

I am wondering if this is a common issue that those who use REST encounter and what the work-around might be?

Could I make a simple change to an .htaccess file? Or do I need to modify the protocol to set a hidden variable "_method" in the POST query string?

Thank you for any help with this.

Answer 1

Often web servers will be configured to block anything except GET and POST since 99% of the time they're all that are needed and there have been problems in the past with applications assuming the requests were one of those two.

You don't say which server it is but, for example, you can tell Apache which methods to allow with the directive:

eg:

<Limit POST PUT DELETE>

Require valid-user

</Limit>

It sounds like maybe some helpful sysadmin has used this to block non GET/POST

You could try an .htaccess with

<Limit GET POST PUT DELETE>

Allow from all

</Limit>

(I'm not an expert at apache, this may not be exactly correct)

Answer 2

The X-HTTP-Method-Override http header is the most standardardized of workarounds. See this blog post for details of how to test with curl.