405 Testing
405 - NOT ALLOWED
OVERVIEW
A 405 Method Not Allowed
error occurs when the HTTP method used in a request is not permitted by the
server for the requested resource. This typically happens when a client
attempts to use an unsupported HTTP method, such as sending a POST request to
an endpoint that only accepts GET requests.
In addition to application or
server-side restrictions, Prophaze Web Application Firewall (WAF) may
return a 405 status code when it detects and blocks suspicious or malicious
traffic based on configured security policies. As a result, legitimate requests
may occasionally receive a 405 response if they match a security rule or
protection mechanism.
RESOLUTION STEPS
1. Identify if it is serving Prophaze's 405 status page : Check if the displayed error page matches Prophaze's standard 405 Method Not Allowed status page. If the Prophaze status page is being served, the request has been blocked by the WAF and further investigation can be performed using the Prophaze dashboard and attack logs.
2. Log in to the Prophaze Dashboard and, from the left navigation pane, navigate to Attack → Attack Analytics.
3. Verify the HTTP Request Method
- Identify the affected request in Attack Analytics using the request timestamp, source IP address, or other available request details. and click on Explore.
- Review the WAF Log Details. Click Show Details for the identified request in Attack Analytics and examine the log information to determine why the traffic was classified and blocked with a 405 Method Not Allowed status.the attack type and rules triggered to identify the reason to block.
4. Validate the Request
- Verify that the request is legitimate, originates from a trusted source, and aligns with the intended functionality of the application.
- If the request method is valid and required for application functionality, identify the triggered security rule in the WAF logs and create an appropriate exception to allow the legitimate traffic.
5. Contact Support
If multiple requests are being blocked with a 405 Method Not Allowed response, contact the Support team to with the traffic details to review and fine-tune the WAF configuration to ensure legitimate traffic is not impacted.
Related Articles
403 TESTING
403 FORBIDDEN OVERVIEW A 403 Forbidden error occurs when a user attempts to access a website or application but is denied permission by the server. This indicates that the server has received and understood the request, but access is being blocked ...MFA TESTING
Multi-Factor Authentication (MFA) Overview Multi-Factor Authentication (MFA) adds an extra layer of security to your account by requiring a second form of verification in addition to your password. Prophaze supports popular authenticator applications ...504 Testing
Overview A 504 Gateway Timeout error occurs when the Prophaze Web Application Firewall (WAF) does not receive a timely response from the backend application server. This article explains the most common causes and provides a structured resolution ...