Home » Php » apache – How to enable and use HTTP PUT and DELETE with Apache2 and PHP?

apache – How to enable and use HTTP PUT and DELETE with Apache2 and PHP?

Posted by: admin April 23, 2020 Leave a comment


It should be so simple. I’ve followed every tutorial and forum I could find, yet I can’t get it to work. I simply want to build a RESTful API in PHP on Apache2.

In my VirtualHost directive I say:

<Directory />
    AllowOverride All
        Order Allow,Deny
        Allow from all

Yet every PUT request I make to the server, I get 405 method not supported.

Someone advocated using the Script directive, but since I use mod_php, as opposed to CGI, I don’t see why that would work.

People mention using WebDAV, but to me that seems like overkill. After all, I don’t need DAV locking, a DAV filesystem, etc. All I want to do is pass the request on to a PHP script and handle everything myself. I only want to enable PUT and DELETE for the clean semantics.

How to&Answers:

You don’t need to configure anything. Just make sure that the requests map to your PHP file and use requests with path info. For example, if you have in the root a file named handler.php with this content:



if (($stream = fopen('php://input', "r")) !== FALSE)

The following HTTP request would work:

Established connection with on port 81
PUT /handler.php/bla/foo HTTP/1.1
Host: localhost:81
Content-length: 5
HTTP/1.1 200 OK
Date: Sat, 29 May 2010 16:00:20 GMT
Server: Apache/2.2.13 (Win32) PHP/5.3.0
X-Powered-By: PHP/5.3.0
Content-Length: 89
Content-Type: text/html
string(3) "PUT"
string(20) "/handler.php/bla/foo"
string(8) "/bla/foo"
string(5) "boo
Connection closed remotely.

You can hide the “php” extension with MultiViews or you can make URLs completely logical with mod_rewrite.

See also the documentation for the AcceptPathInfo directive and this question on how to make PHP not parse POST data when enctype is multipart/form-data.


AllowOverride AuthConfig

try this. Authentication may be the problem. I was working with a CGI script written in C++, and faced some authentication issues when passed DELETE. The above solution helped me. It may help in your case too.

Also even if you don’t get the solution for your problem of PUT and DELETE, do not stop working rather use “CORS”. It is a google chrome app, which will help you bypass the problem, but remember it is a temporary solution, so that your work or experiments doesn’t remain freeze for long. Obviously, you cannot ask your client to have “CORS” enabled to run your solution, as it may compromise systems security.


IIRC the purpose of the form method attribute was to define different transport methods. Consequently, HTML 5.2 only defines GET, POST, and DIALOG methods for transport and dialog action, not how the server should process the data.

Ruby-on-rails solves this problem by using POST/GET for everything and adding a hidden form variable that defines the actual ReST method. This approach is more clumsy and error-prone, but does remove the burden from both the HTML standard and browser developers.

The form method was defined before ReST, so you cannot define ReST in HTML, even after enabling Apache and PHP because the browsers conform to HTML and therefore default to GET/POST for all non-HTML defined values. That means, when you send a form to the browser with a PUT method, the browser changes that to GET and uses that instead. The hidden variable, however, passes through everything unchanged, so you can use that to customise your form handling process.

Hope that helps


On linux, /etc/apache2/mods-enabled/php5.conf dans php5.load exists. If not, enables this modules (may require to sudo apt-get install libapache2-mod-php5).


You can just post the file name to delete to delete.php on the server, which can easily unlink() the file.


The technical limitations with using PUT and DELETE requests does not lie with PHP or Apache2; it is instead on the burden of the browser to sent those types of requests.

Simply putting <form action=”” method=”PUT”> will not work because there are no browsers that support that method (and they would simply default to GET, treating PUT the same as it would treat gibberish like FDSFGS). Sadly those HTTP verbs are limited to the realm of non-desktop application browsers (ie: web service consumers).