Web servers inform clients, like internet browsers for example, about the processing status of the submitted request with the help of HTTP status codes. So there are various codes that confirm the success or failure of a request – along with very specific messages. While some of these messages are encountered relatively frequently with daily use of the World Wide Web, the 405 (Method Not Allowed) error is one of the more rare error messages. In this article you’ll find out exactly what leads to this error message, and why solving the problem is the responsibility of the website operator.
What’s behind the 405 HTTP error?
The Hypertext Transfer Protocol (HTTP for short) defines methods that indicate possible actions that can be performed on the contacted web server. For example, this includes the following methods:
- GET: Retrieve information associated with a specific URL resource
- HEAD: Retrieve header information linked with a URL resource
- POST: Send data to the web server – for example, form data
- PUT: Replace the data for a specific URL with new data transmitted by the client
- DELETE: Delete the data behind the respective URL
The administrator can configure each web server so that the individual methods are either allowed or not allowed. For example, if there’s no interactive content on the website, it’s only logical that the POST method isn’t allowed, since the user has no options to enter their own data and send it to the server. Otherwise, the error message mentioned above with the status code 405 would appear, informing the browser and its user that the method is not allowed.
The exact wording of the 405 HTTP message varies from server to server. Here are some common phrases:
- 405 Method Not Allowed
- 405 Not Allowed
- Method Not Allowed
- HTTP 405 Error
- HTTP Error 405 – Method Not Allowed
- HTTP 405 Method Not Allowed
- Error: 405 Method Not Allowed
- 405 – HTTP verb used to access this page is not allowed
- HTTP Status 405 – HTTP method GET is not supported by this URL
When does the 405 error occur?
We have already indicated that the 405 error is caused solely by a server-side problem. But since status code 405 technically belongs to the client error messages (codes with the pattern 4xx), this doesn’t seem to make sense. This contradiction is quickly solved, though: If, as a browser user, you forward a request to the webserver with an HTTP method that it doesn’t allow due to its configuration, the error lies on the client side from the server’s point of view – in this case, the client simply made a wrong request. The server isn’t aware when processing the request of the fact that you’re only interested in the website’s offer, for example, to fill out a contact form.
Three scenarios in particular can lead to a “Method Not Allowed” error message:
- The ban of the corresponding HTTP method is due to a misconfiguration of web servers or software components that are supposed to perform the respective action for the desired URL resource.
- The ban of the HTTP method is from the website operator – in most cases, for security reasons. The error lies in a URL resource of the web project in question, on the grounds that its programming requires its method to not be allowed.
- The HTTP method is not allowed by the hosting provider of the website operator. This particularly occurs with the POST method, which is required for entering data and is blocked by some providers for security reasons when accessing HTML documents.
HTTP error 405: How to fix the problem
If you come across a web project that displays the 405 Not Allowed error message, you can hardly solve the problem yourself. While with other HTTP messages you can usually solve the problem using tricks like refreshing the page, restarting the router, or checking the proxy settings, these measures are useless against the 405 error. In this case, it makes sense to contact the responsible website operator or administrator to make the problem known or receive exact information about the causes.
If you yourself are responsible for the site that is displaying the 405 HTTP code to visitors, then the circumstances are of course different: Depending on the cause of the error message, you have several options for solving the problem. To avoid angering your users and/or being penalized by search engines, you should resolve the error as quickly as possible.
Solution 1: Enable HTTP methods
If you’re not sure of the cause of the “405 Method Not Allowed” message, you should always first look at the settings of the software components that are responsible for responding to HTTP requests. Typically, this is handled by the web server, but a pre-connected Proxy or HTTP handler (in ASP.NET web applications) could also be responsible for the problem if the method is simply not enabled. Since the different applications differ from each other in terms of configuration, you first have to find out how the activation or deactivation of the HTTP methods functions for each software.
This can be controlled using the AllowMethods directive in the <Location> containers, which are needed to specify settings for one or more desired URLs. One configuration that enables access to the resource as well as client-side data entry can be implemented with the following entry:
<Location "/">
AllowMethods GET POST OPTIONS
</Location>
Solution 2: Clean up the source code
If you’ve deliberately blocked an HTTP method, for example, to guarantee the safety of the website (common practice for the PUT method), but the client still triggers such a request to retrieve URL resources, this is often due to incorrect website programming. The requested page or element is therefore incorrectly linked with the method, which is why the 405 error is the logical consequence. The solution is to locate the problematic code in the corresponding HTML document and replace the entered code with the correct request method. If the server configurations and source code are reconciled, then there’s a high possibility that the 405 HTTP error will disappear from the browser window of your visitor.
Solution 3: Bypass the provider’s security barrier
As previously mentioned, the 405 error can also have the background that the corresponding HTTP methods for certain MIME types – like an HTML document, for example – have been disabled by the hosting provider for security reasons. In this case, you can of course contact your provider and ask for approval – but if this isn’t possible, there are tricks that allow you to use the method for your web project anyway.
You can deliver the website with a different MIME type available for the desired method to work around the barrier. POST, for example, is usually deactivated for HTML pages, while the method functions in PHP documents. If you change the extension type, for example, from index.html to index.php, there’s a good chance that you’ll have solved the “405 Method Not Allowed” problem.
A second trick is to implement the website that causes the HTTP error as the content of the displayed 405 error page. To do this, simply save the page in question in a separate directory and define this in the configuration file as the official 405 error message:
ErrorDocument 405 /PathToFile/example.html
This solution does have the disadvantage, though, that all success page accesses for the page are classified and counted as errors, which complicates the statistical analysis.
Yury Sobolev is Full Stack Software Developer by passion and profession working on Microsoft ASP.NET Core. Also he has hands-on experience on working with Angular, Backbone, React, ASP.NET Core Web API, Restful Web Services, WCF, SQL Server.