Hello,
I'm experiencing an issue with my LiteSpeed setup (Enterprise version) running on Ubuntu 20.04 with DirectAdmin. Despite several attempts, I can't get the PUT, DELETE, or PATCH HTTP methods to work. They all return a 405 Method Not Allowed error when called via Postman or curl.
Here's the full context of the environment:
I have:
1. Verified that the .htaccess contains this directive:
2. Created a PHP script to dump $_SERVER and confirmed that POST requests work, but PUT requests immediately trigger a 405 error.
3. Used nmap --script http-methods which shows only: OPTIONS HEAD GET POST as allowed.
4. Tried adding global <httpServerConfig> rules in /usr/local/lsws/conf/httpd_config.xml with:
But no change.
5. Confirmed that there is no reverse proxy interfering, and the response headers show LiteSpeed is handling the requests directly.
6. Verified that mod_security is not running, and nothing in error.log indicates it is denying requests.
At this point, it seems like something in the default DirectAdmin + LiteSpeed setup is preventing these methods globally, and I can’t locate where the restriction is coming from.
I would appreciate any guidance on how to fully enable these HTTP methods.
Thanks in advance.
I'm experiencing an issue with my LiteSpeed setup (Enterprise version) running on Ubuntu 20.04 with DirectAdmin. Despite several attempts, I can't get the PUT, DELETE, or PATCH HTTP methods to work. They all return a 405 Method Not Allowed error when called via Postman or curl.
Here's the full context of the environment:
- LiteSpeed Enterprise (installed manually)
- DirectAdmin control panel
- PHP 7.4 (lsphp74)
- No Nginx or Apache reverse proxy
- mod_security is fully disabled
- Default server response header is: Server: LiteSpeed
I have:
1. Verified that the .htaccess contains this directive:
Apache config:
<LimitExcept GET POST OPTIONS HEAD>
Require all granted
</LimitExcept>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE|PATCH)$
RewriteRule ^(.*)$ $1 [L]3. Used nmap --script http-methods which shows only: OPTIONS HEAD GET POST as allowed.
4. Tried adding global <httpServerConfig> rules in /usr/local/lsws/conf/httpd_config.xml with:
Apache config:
<httpServerConfig>
<accessControl>
<allowMethods>ALL</allowMethods>
</accessControl>
</httpServerConfig>5. Confirmed that there is no reverse proxy interfering, and the response headers show LiteSpeed is handling the requests directly.
6. Verified that mod_security is not running, and nothing in error.log indicates it is denying requests.
At this point, it seems like something in the default DirectAdmin + LiteSpeed setup is preventing these methods globally, and I can’t locate where the restriction is coming from.
I would appreciate any guidance on how to fully enable these HTTP methods.
Thanks in advance.
