They are, even for IIS, unless your HTTP server is outdated (that is, an old version); depending on the type of server you use, it will issue some HTTP error if you invent a method that does not exist.

Of course, just because https://www.apache.org, https://www.iis.net, https://nginx.org/ and https://www.lighttpd.net recognize all HTTP methods does not mean that web browsers will support them for use with things like HTML.

There may also be cases where the server accepts an "invented" method, but this you can (and should) treat in the application. Understand that an HTTP method does not work "by magic" (automatically); it is just a dialog so that you, or your application behind the HTTP server (Apache, etc.), can make use of this "verb" (in truth it is the whole input; the method is the GET, POST, DELETE, etc.). It's like saying to someone "I GO to the bakery": of course, when it reaches your application you can interpret the "GO" as anything (not that this is correct). The idea of the methods is to standardize/organize the input data so that the server and the application (be it Python, PHP, asp.net, etc.) understand what you "want", but it doesn't mean you actually sent what you said you were doing.

I believe it is not the HTTP server that does the "parse" of the data, but rather the application or framework run by the configured module, or perhaps even the module itself does this; of course this may vary. Even if the method is implemented it must follow its purpose; if it is not supported, it is quite likely to be an older server (not something impossible to find). However, it is important to understand that in cases like POST it can receive different types of payload; part can be done on the front end and another part is resolved on the back end:

- application/x-www-form-urlencoded: this is the default value
- multipart/form-data
- "No treatment": the way it was sent is delivered (unless it is a web browser)

And in the case of POST each is adjusted according to the Content-Type of the request.

Controlling methods accepted in Apache

In Apache 2.2+ there is http://httpd.apache.org/docs/2.2/mod/core.html#limit, which can control the accepted methods and can be configured in all contexts (Apache settings or .htaccess), something like:

    <Limit POST PUT DELETE>
        # ... directive ...
    </Limit>

Or use LimitExcept, which does the opposite and "protects" all methods except those defined:

    <LimitExcept GET HEAD>
        # ... directive applied if the method is not GET or HEAD ...
    </LimitExcept>

An example according to the documentation is to "protect" these methods (other methods will be "unprotected"):

    <Limit POST PUT DELETE>
        Require valid-user
    </Limit>

In Apache 2.4 there is a module that you can activate called https://httpd.apache.org/docs/2.4/mod/mod_allowmethods.html (Experimental), in which you can define the only permitted methods (works in the context of the https://httpd.apache.org/docs/2.4/mod/directive-dict.html#Context):

    <Location "/">
        AllowMethods GET POST OPTIONS
    </Location>

Controlling the methods in Nginx

In Nginx you can do something similar to Apache, but manually:

    # Ignores the POST method and returns 405
    if ($request_method = POST) {
        return 405;
    }

I will edit to provide more details as soon as possible.
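
As an added example (not part of the original answer), a minimal Python WSGI application showing how the application itself can treat the method when the server passes it through: it allowlists the verbs it implements, answers anything else, including an invented verb, with 405 and an Allow header, and handles a POST body according to its Content-Type. The names ALLOWED_METHODS, MAX_BODY, app and call, and the sample requests, are assumptions made for this illustration.

```python
import io
from urllib.parse import parse_qs

ALLOWED_METHODS = ("GET", "HEAD", "POST")  # assumption: the verbs this app implements
MAX_BODY = 64 * 1024                       # assumption: body size cap for the demo

def app(environ, start_response):
    """WSGI app that allowlists the method and reads a POST body by Content-Type."""
    method = environ.get("REQUEST_METHOD", "")
    if method not in ALLOWED_METHODS:
        # Same answer for real-but-unused verbs (DELETE) and invented ones.
        start_response("405 Method Not Allowed",
                       [("Allow", ", ".join(ALLOWED_METHODS)), ("Content-Length", "0")])
        return [b""]
    out = b"ok"
    if method == "POST":
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            length = -1
        if not 0 <= length <= MAX_BODY:
            start_response("400 Bad Request", [("Content-Length", "0")])
            return [b""]
        raw = environ["wsgi.input"].read(length)
        ctype = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
        if ctype == "application/x-www-form-urlencoded":
            # The method only announces intent; the fields still need validating.
            fields = parse_qs(raw.decode("utf-8", "replace"))
            out = ",".join(sorted(fields)).encode()
        else:
            out = b"raw bytes: %d" % len(raw)  # "no treatment": taken as sent
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(out)))])
    return [b""] if method == "HEAD" else [out]

def call(method, body=b"", ctype=""):
    """Drive the app with a constructed WSGI environ; returns (status, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": method, "CONTENT_TYPE": ctype,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    data = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], data

if __name__ == "__main__":
    for m in ("GET", "DELETE", "FROBNICATE"):  # constructed sample requests
        print(m, call(m)[0])
```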