Question
How to enable the use of GET, HEAD, POST, PUT, DELETE, PATCH requests on a Plesk for Windows Server?
Answer
To enable these HTTP methods, follow the steps under each section:
I. Enable HTTP methods in IIS:
-
Connect to the Plesk server via RDP.
-
Launch Internet Information Service (IIS) Manager at Windows Start > All Programs > Windows Administrative Tools.
-
In IIS Manager, expand SERVERNAME > Sites > click on example.com > Handler Mappings (under IIS).
-
Find the handler which is used by the website and double-click on it.
For example, if this is a PHP website, double-click on PHP-php.
-
Click Request Restrictions....
-
Switch to the Verbs tab.
-
Add required verbs in to the verbs field, for example:
GET,HEAD,POST,PUT,DELETE,PATCH
-
Click OK to apply the changes in both windows.
Note: If you get the warning "The specified executable for the handler must be a .dll or .exe file", that means the path in the Executable (optional) field contains spaces. In this case, use double quotation marks to specify the executable, for example:
"C:Program Files (x86)PleskAdditionalPleskPHP74php-cgi.exe"|-d siteId=10
II. Disable WebDAV handler for a domain as it conflicts with PHP/.NET Core handler
-
Open the domain's web.config file at Domains > example.com > File Manager.
-
Find the section
<system.webServer>and add the following content under it:<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
</handlers>
III. Adjust ModSecurity
In some cases, ModSecurity may block HTTP methods if a strict ruleset (e.g. OWASP, Comodo or a custom ruleset) is being used. In this case, switch to the Atomic Standard ModSecurity ruleset: go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings > Atomic Standard > Click OK to apply the changes.
with