# website errors# troubleshooting
405 Method Not Allowed: What It Means and How to Fix It
A 405 Method Not Allowed error means the server received your request and understood it, but the HTTP method you used (GET, POST, PUT, DELETE, etc.) isn't supported for that particular endpoint. The server knows the resource exists — it just won't accept the way you're trying to interact with it.
This error is common in API development, form submissions, and when web servers have restrictive method configurations.
What Does a 405 Method Not Allowed Mean?
HTTP defines several request methods. The most common are:
- GET — Retrieve a resource
- POST — Submit data to create a resource
- PUT — Update an existing resource
- DELETE — Remove a resource
- PATCH — Partially update a resource
A 405 means the server recognises the URL but doesn't allow the method you're using. For example, if an endpoint only accepts GET requests and you send a POST, you'll receive a 405.
The response should include an Allow header listing which methods the endpoint does support:
curl -s -D - -X DELETE https://example.com/page -o /dev/null | grep -i allow
# Allow: GET, HEAD, OPTIONS
This tells you the server only accepts GET, HEAD, and OPTIONS at that URL.
Common Causes of a 405 Error
1. Wrong HTTP Method in the Request
The most common cause. You're sending a POST to an endpoint that only accepts GET, or a PUT to an endpoint that only accepts POST. This happens frequently when:
- A form's
actionURL points to a page that doesn't handle POST requests. - An API consumer sends the wrong method for an operation.
- A frontend app uses GET for an operation that should be POST (or vice versa).
2. Server Configuration Blocking Methods
Nginx and Apache can be configured to restrict which HTTP methods are allowed, sometimes more aggressively than intended.
Nginx restricting methods:
# This block will return 405 for anything except GET and HEAD
if ($request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
Apache restricting methods:
<Directory /var/www/html>
<LimitExcept GET HEAD>
Require all denied
</LimitExcept>
</Directory>
3. Static File Server Rejecting POST
If you send a POST request to a static file (an HTML page, an image, a CSS file), many web servers will return a 405 because POST doesn't make sense for a static resource. Nginx's built-in static file handling will do this by default.
4. API Route Not Defined for That Method
In web frameworks like Express, Django, Laravel, or Flask, each route is registered for specific HTTP methods. If you've defined a route for GET but not POST, a POST request to that URL will return 405.
# Flask example - only GET is registered
@app.route('/users', methods=['GET'])
def get_users():
return jsonify(users)
# A POST to /users will return 405
5. Reverse Proxy Interfering
Sometimes a reverse proxy or load balancer strips or modifies the HTTP method before forwarding the request to your application. This is rare but worth checking if the method works when hitting the application directly.
How to Fix a 405 Method Not Allowed
Step 1: Verify the Correct Method
Check the API documentation or server configuration to confirm which method the endpoint expects. Use curl to test:
# Test with GET
curl -i -X GET https://example.com/api/resource
# Test with POST
curl -i -X POST https://example.com/api/resource \
-H "Content-Type: application/json" \
-d '{"key": "value"}'
# Check which methods are allowed
curl -i -X OPTIONS https://example.com/api/resource
Step 2: Fix Server-Level Method Restrictions
On Nginx, if you need to allow POST requests to a location that currently blocks them:
location /api/ {
# Remove any method restrictions
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
If Nginx is returning 405 for POST requests to static files (common with custom error pages), add:
error_page 405 =200 $uri;
On Apache, update the <LimitExcept> or <Limit> directives to allow the methods you need:
<Directory /var/www/html/api>
# Allow all standard methods
<LimitExcept GET HEAD POST PUT DELETE PATCH>
Require all denied
</LimitExcept>
</Directory>
Then reload:
sudo systemctl reload apache2
Step 3: Add the Missing Route in Your Application
If the problem is in your application code, register the route for the correct method:
# Flask - add POST support
@app.route('/users', methods=['GET', 'POST'])
def users():
if request.method == 'POST':
# Handle creation
pass
return jsonify(users)
// Express - add POST support
app.get('/users', getUsers);
app.post('/users', createUser); // Add this line
Step 4: Check for Form Action Mismatches
If a form submission is causing the 405, verify the form's action attribute points to a URL that accepts POST:
<!-- Make sure this URL handles POST -->
<form method="POST" action="/submit-form">
<!-- form fields -->
</form>
Step 5: Inspect Proxy Configuration
If you're behind a reverse proxy, verify it's forwarding the original HTTP method. Check both the proxy config and the upstream application logs to see what method actually arrives:
# Check what your backend receives
tail -f /var/log/app/access.log
How Domain Monitor Can Help
A 405 error on a critical endpoint — like a checkout form, login page, or API route — means your users can't complete essential actions. If a deployment or configuration change accidentally breaks method handling, your site may look "up" on the surface while key functionality is completely broken.
Domain Monitor lets you monitor specific endpoints and will detect when they start returning error status codes like 405. It checks every minute from multiple locations, and you can set up downtime alerts via email, SMS, or Slack. By combining endpoint monitoring with website monitoring, you can catch method-related configuration errors before they block real users from submitting forms, making API calls, or completing transactions.
Quick Summary
| Cause | Fix |
|---|---|
| Wrong HTTP method in request | Use the correct method (check Allow header) |
| Server config blocking methods | Update Nginx/Apache method restrictions |
| POST to a static file | Reconfigure or add error_page directive |
| Missing route definition | Register the route for the needed method |
| Reverse proxy interference | Verify proxy forwards the original method |
A 405 is one of the more straightforward HTTP errors to diagnose. Check what method you're sending, compare it to what the server allows, and adjust either your request or your server configuration to match.
Related Articles
More posts
Wildcard vs SAN vs Single-Domain SSL Certificates: Which Do You Need?
Wildcard, SAN (multi-domain), and single-domain SSL certificates cover different use cases. Here's a clear comparison to help you pick the right type — and avoid paying for coverage you don't need.
Read moreWhy DNS Works in One Location but Fails in Another
DNS resolves correctly from your office but fails for users in other countries or on different ISPs. Here's why geographic DNS inconsistency happens and how to diagnose which layer is causing it.
Read moreRegistrar Lock vs Transfer Lock: What's the Difference?
Registrar lock and transfer lock are often confused — and disabling the wrong one leaves your domain vulnerable. Here's a clear breakdown of what each does and when to use them.
Read moreSubscribe to our PRO plan.
Looking to monitor your website and domains? Join our platform and start today.