Articles in this section

How to enable the use GET, HEAD, POST, PUT, DELETE, PATCH requests on a Plesk for Windows Server

Kuzma Ivanov
Updated
Plesk for Windows kb: how-to

Applicable to:

  • Plesk for Windows

Question

How to enable the use of GET, HEAD, POST, PUT, DELETE, PATCH requests on a Plesk for Windows Server?

Answer

To enable these HTTP methods, follow the steps under each section:

 

I. Enable HTTP methods in IIS:

  1. Connect to the Plesk server via RDP.

  2. Launch Internet Information Service (IIS) Manager at Windows Start > All Programs > Windows Administrative Tools.

  3. In IIS Manager, expand SERVERNAME > Sites > click on example.com > Handler Mappings (under IIS).

  4. Find the handler which is used by the website and double-click on it.

    For example, if this is a PHP website, double-click on PHP-php.

  5. Click Request Restrictions....


    Edit_Module_Mappings.PNG

  6. Switch to the Verbs tab.

  7. Add required verbs in to the verbs field, for example:

    CONFIG_TEXT: GET,HEAD,POST,PUT,DELETE,PATCH


    Request_Restrictions_-_Verbs.PNG

  8. Click OK to apply the changes in both windows.

    Note: If you get the warning "The specified executable for the handler must be a .dll or .exe file", that means the path in the Executable (optional) field contains spaces. In this case, use double quotation marks to specify the executable, for example:
    "C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe"|-d siteId=10

 

II. Disable WebDAV handler for a domain as it conflicts with PHP/.NET Core handler

  1. Log in to Plesk.

  2. Open the domain's web.config file at Domains > example.com > File Manager.

  3. Find the section<system.webServer>and add the following content under it:

    <system.webServer>
        <modules>
            <remove name="WebDAVModule" />
        </modules>
        <handlers>
            <remove name="WebDAV" />
        </handlers>

 

III. Adjust ModSecurity

In some cases, ModSecurity may block HTTP methods if a strict ruleset (e.g. OWASP, Comodo or a custom ruleset) is being used. In this case, switch to the Atomic Standard ModSecurity ruleset: go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings > Atomic Standard > Click OK to apply the changes.

Was this article helpful?

Comments

2 comments
Date Votes
  • Avatar
    Duarte Nuno

    This only allows you to change site by site, how to set globally for all sites?

    0
  • Avatar
    Daniel Castilla Toledo

    And also: If I change the PHP settings in Plesk, the verb restriction changes made to the PHP handler mapping may be overwritten, right?

    0

Please sign in to leave a comment.