405 Method Not Allowed: What It Is and How to Fix It

The 405 Method Not Allowed is an HTTP response status code indicating that the server received and recognized the specified request HTTP method, but the server rejected that particular method for the requested resource. This code response confirms that the requested resource is valid and exists, but the client has used an unacceptable HTTP method during the request.

Like most HTTP response codes — especially for those that indicate an error — it can be challenging to find the cause of a 405 Method Not Allowed response. 

In this article, we’ll examine the 405 Method Not Allowed in more detail. We'll look at what might cause this message, along with a handful of tips for diagnosing and debugging the appearance of this error within your application. We’ll also examine popular content management systems (CMSs) for potential problem areas that could cause an unexpected 405 Method Not Allowed.

Server- or Client-Side?

All HTTP response status codes in the 4xx category are client error responses. This category contrasts with 5xx classification errors, such as the 503 Service Unavailable Error. These are server error responses. That said, the appearance of a 4xx error doesn’t necessarily mean the issue is on the client-side, where the “client” is the web browser or device being used to access the application. 

If you’re trying to diagnose an issue within your application, you can ignore most client-side code and components, such as HTML, cascading style sheets (CSS), client-side JavaScript, etc. This doesn’t apply solely to websites, either. Standard web applications power many smartphone apps that implement a modern-looking user interface.

On the other hand, this doesn’t entirely rule out the server as the actual cause of a 405 error. In some cases, the server may be mishandling requests. This could result in 405 code responses and other problematic traffic routing issues. We’ll explore some of these scenarios (and potential solutions) below. Be aware that, even though the 405 Method Not Allowed is considered a client error response, it doesn’t inherently mean we can rule out the client or the server as the culprit.

Start With a Thorough Application Backup

It is critical that you perform a complete backup of your application before attempting any fixes to the system. 

Even better, create a complete copy of the application onto a secondary staging server that isn’t active. This will give you a clean testing ground to test all potential fixes without threatening your live application.

Diagnosing a 405 Method Not Allowed

As discussed in the introduction, a 405 Method Not Allowed indicates that the user agent (the web browser, in most cases) has requested a valid resource using an invalid HTTP method. 

This could happen in a few different circumstances:

  • The user agent accidentally sent an incorrect HTTP method
  • The server is expecting only a handful of valid HTTP methods for the requested resource

Currently, there are nine possible HTTP methods, though some of them are far more prevalent than others. For example, the GET method handles most requests made on the Internet to retrieve data (i.e. “get” a page or resource). The POST method is the second-most common, and it’s typically used to send data to the server (such as login credentials).

Since each possible HTTP method has its own intended uses, it often doesn’t make sense for a server to accept requests using specific methods for particular resources. For example, a resource might exist at the URL https://airbrake.io/users/create, where the server creates a new user when valid credentials are sent via a POST HTTP method request. Therefore, it makes no sense for the server to accept a GET request at that resource/URL, so it may respond with a 405 Method Not Allowed code.

Troubleshooting on the Client-Side

Since the 405 response is a client error response code, it’s best to start troubleshooting any potential client-side issues. Here are a handful of tips to try on the browser or device giving you problems.

Check the Requested URL

The most common cause of a 405 Method Not Allowed is simply inputting an incorrect URL. As discussed before, many web servers will disallow access to improper URLs. 

This could be anything from trying to access a file directory via a URL to gaining access to a private page meant for other users. Double-check the exact URL returning the 405 Method Not Allowed error.

Debugging Common Platforms

If you’re running common software packages on the server responding with the 405 Method Not Allowed, you may want to look into the stability and functionality of those platforms. 

The most common content management systems (CMSs) — like WordPress, Joomla!, and Drupal — are typically well-tested. Once you start making modifications to the underlying extensions or PHP code, it’s easy to cause unforeseen issues resulting in a 405 error.

Troubleshoot some of these popular software platforms using the tips below.

Rollback Recent Upgrades

Suppose you recently updated the content management system before the 405 Method Not Allowed appeared. You may want to consider rolling back to the previous version you had installed when things were working fine. 

Similarly, any extensions or modules you may have recently upgraded can also cause server-side issues, so reverting to previous versions may also help. 

Simply Google “downgrade [PLATFORM_NAME] for assistance with this task.” In some cases, however, certain CMSs don’t provide a version downgrade capability, which indicates that they consider the base application and each new version released to be stable and bug-free. 

Uninstall New Extensions, Modules, or Plugins

New extensions, modules, and plugins within your CMS all serve the same purpose across every system: improving the capabilities and features of the platform beyond what it’s typically capable of out of the box. 

A word of caution: such extensions can take complete control of the system and make virtually any changes. As such, it may be wise to uninstall any new extensions if you suddenly see a 405 error. 

Check for Unexpected Database Changes

It’s worth noting that, even if you uninstall an extension through the CMS dashboard, this doesn’t guarantee that changes made by the extension will fully revert. This is particularly true for many WordPress extensions. Some of these extensions are given carte blanche within the application, including full access rights to the database. 

For example, some extensions modify database records that don’t “belong” to the extension itself but are instead created and managed by other extensions (or even the base CMS itself). The extension may not know how to revert alterations to database records, so it will ignore such things during uninstallation. 

Your best course of action is to open the database and manually look through records that the extension modified. 

Troubleshooting on the Server-Side

If you aren’t running a CMS application — or even if you are, but you’re confident the 405 Method Not Allowed error isn’t related to that — here are some additional tips to help you troubleshoot what might be causing the issue on the server-side of things.

Confirm Your Server Configuration

Your application is likely running on a server using one of these three popular webserver software: Apache, nginx, or Cloudflare. At the time of publication, these web servers make up over 86% of the world’s web server software! Check your configuration files for your web server software for unintentional redirect or request handling instructions.

Apache

To determine which web server your application uses, look for a key file. If your web server is Apache, look for an .htaccess file within the root directory of your website file system. 

For example, if your application is on a shared host, you’ll likely have a username associated with the hosting account. You can find the application root directory at the path of /home/<username>/public_html/, so the .htaccess file would be at /home/<username>/public_html/.htaccess.

Once you’ve located the .htaccess file, open it in a text editor. Look for lines that use RewriteXXX directives, which are part of the mod rewrite module in Apache. Covering exactly how these rules work is well beyond the scope of this article. However, the basic concept is that a RewriteCond directive defines a text-based pattern that is matched against entered URLs. Suppose a visitor requests a matching URL to the site. In that case, the RewriteRule directive that follows one or more RewriteCond directives is used to perform the actual redirection of the request to the appropriate URL.

For example, here is a simple RewriteRule that matches all incoming GET requests to https://airbrake.io/users/create and responds with a 405 Method Not Allowed error code:

RewriteEngine on

RewriteCond %{REQUEST_URI} ^/users/create/?.*$

RewriteCond %{REQUEST_METHOD} =GET

RewriteRule ^(.*)$ https://airbrake.io/users/new$1 [R=405,L]

Notice the R=405 flag at the end of the RewriteRule, which explicitly states that the response code should be 405. This indicates to user agents that the resource exists, but the provided HTTP method is not allowed. If you find any strange RewriteCond or RewriteRuledirectives in the .htaccess file that doesn’t belong, try temporarily commenting them out (using the # character prefix) and restarting your web server to see if this resolves the issue.

nginx

On the other hand, if your server is running on nginx, you’ll need to look for a completely different configuration file. By default this file is named nginx.conf. It's located in one of a few common directories: /usr/local/nginx/conf, /etc/nginx, or /usr/local/etc/nginx. 

Once located, open nginx.conf in a text editor and look for directives that are using the 405 response code flag. For example, here is a simple block directive (i.e. a named set of directives) that configures a virtual server for airbrake.io and ensures that a POST request to https://airbrake.io/users/create fails and is responded with a 405 response code:

server { 

    listen 80;

    listen 443 ssl;    

    server_name airbrake.io;    

    location /users/create {

        if ($request_method = POST) {

            return 405 https://airbrake.io/users/create$request_uri;

        }

    }

}

Look through your nginx.conf file for any abnormal directives or lines that include the 405 flag. Comment out any abnormalities. Once that's done, restart the server and see if the issue is resolved.

Configuration options for each different type of web server can vary dramatically. We’ll just list a few popular ones to give you some resources to look through:

Look Through the Logs

Nearly every web application will keep some form of server-side logs. Application logs are typically the history of what the application did, such as pages requested, connected servers, database results, etc. 

Server logs are related to the actual hardware running the application. Logs will often provide details about the health and status of all connected services or the server itself. 

Google “logs [PLATFORM_NAME]” if you’re using a CMS, or “logs [PROGRAMMING_LANGUAGE]” and “logs [OPERATING_SYSTEM]” if you’re running a custom application to get more information on finding the logs in question.

Debug Your Application Code or Scripts

If all else fails, it may be a problem in some custom code within your application. Manually debug your application and parse through application and server logs to diagnose where the issue may be coming from. Or, you can see the error in a manner of seconds using an error monitoring tool.

Airbrake’s error and performance monitoring software provides real-time error monitoring and automatic exception reporting for all development projects. In addition to this, Airbrake integrates with all popular languages and frameworks. Plus, Airbrake makes it easy to customize exception parameters, so you only gather the errors that matter.

See why so many of the world’s best engineering teams use Airbrake to revolutionize their exception handling practices and create your free dev account today. 

Note: We published this post in January 2018 and recently updated it in June 2022.