4

I recently discovered that when I make a PUT request to Apache to a file or directory that does not exist I get a 405 Method Not Allowed error instead of a 404 Not Found error. I am curious as to why?

PUT request from curl:

curl -i -X PUT -d '{"var":"val"}' "http://server/doesNotExist.htm"

Response from server:

HTTP/1.1 405 Method Not Allowed
Date: Sat, 16 Dec 2017 03:31:18 GMT
Server: Apache/2.2.15 (CentOS)
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 316
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method PUT is not allowed for the URL /doesNotExist.htm.</p>
<hr>
<address>Apache/2.2.15 (CentOS) Server at xxx.xxx.xxx.xxx Port 80</address>
</body></html>

When making a call to a directory that does not exist, I get the same 405 error instead of the expected 404. I am running Apache 2.2.15 on CentOS 6.9 with PHP 5.6.31. The httpd.conf file has not been modified.

What is Apache doing? Is there any way to make it return a 404 instead of the 405 if a file does not exist?

UPDATE:

When making a PUT request to a file that does exist I get a 200 OK.

HTTP/1.1 200 OK
Date: Sat, 16 Dec 2017 04:38:21 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.31
Content-Length: 2742
Connection: close
Content-Type: text/html; charset=UTF-8

<content of file here>

UPDATE 2:

I noticed that if I make a PUT request to a .php file that does not exist i.e. "doesnotexist.php" I get a 404. If I make a PUT request to a .htm file i.e. "doesnotexist.htm" or to a directory i.e. "http://server/doesnotexist" I get a 405.

user2395126
  • 297
  • 1
  • 4
  • 10
  • 1
    What do you get when you try a PUT on a URL that does exist? – Stephen C Dec 16 '17 at 04:35
  • See also: https://serverfault.com/questions/438183/how-to-enable-all-http-methods-in-an-apache-http-server. The problem could be that *all* PUT requests are blocked ... unless they have been enabled. – Stephen C Dec 16 '17 at 04:40
  • Excellent question! I get a 200 OK for files that do exist. – user2395126 Dec 16 '17 at 04:42
  • Also see update 2 - I get a 404 for requests to files that do not exist ending in .php but a 405 for files ending in other extensions (like .htm) and for directories. – user2395126 Dec 16 '17 at 04:51

1 Answers1

4

The evidence you have provided suggests that the 405's occur when a PUT request is directed to the default request handler. (The PUT behavior is different for the PHP handler.)

The default handler is checking the request method before it checks whether the resource exists and has the correct permissions. Since the default handler doesn't support PUT unless this is enabled, you are seeing 405's rather than 404's.

The PUT method is typically enabled by listing it in the <limit> config.

Stephen C
  • 541
  • 4
  • 18