Support

Admin Tools

#42848 Error 405 if .htaccess for Admin Tools

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
6.0.3
PHP version
8.3.30
Admin Tools version
up to date

Latest post by smartweb on Monday, 30 March 2026 08:22 CDT

Friday, 27 March 2026 11:02 CDT

smartweb

Hi, 

I’m trying to use the AcyMailing API. GET requests work perfectly, but with POST requests I get the error ‘HTTPError: 405 Client Error: Method Not Allowed’.

If I replace the .htaccess file created by Admin Tools with Joomla’s default .htaccess file, the problem disappears. Unfortunately, even after testing several times, I cannot figure out which setting I need to correct to enable API POST requests. Could you help me with your wealth of experience? Which setting is blocking communication, or which rule or exception do I need to configure to make this work?

Regards
Stefan

Saturday, 28 March 2026 02:59 CDT

nicholas

I am using the Joomla API extensively – it's how I publish our software on this site. I am of course doing POST requests. This is the HTTP method used in REST APIs to modify data which is a necessary part of the release process (a new release is first created unpublished, then its download items are created, then the release is published – all of that being POST requests).

I am of course using the .htaccess Maker; Admin Tools exists because the default level of protection in Joomla was not paranoid enough for my liking with our business site's use case in mind.

The only things I can think of are:

  • Do you have any custom .htaccess code? You might've added some "security" code you found in the Joomla Forum, a Joomla Facebook group, or some other similarly unreliable source. A lot of people, especially around 2-3 years ago, were posting idiotic .htaccess code to disable the Joomla API's POST and PUT method because of a security issue that had long been resolved. Panic spreads like wildfire amongst those who don't understand what they're doing.
  • Do you have Force HTTPS for these URLs or HSTS Header enabled? If so, make sure that you always access your API using the HTTPS protocol. Otherwise you get a redirection from plain HTTP to HTTPS which will break the request. It shouldn't cause a 405 Method Not Allowed, but you never know.
  • Do you have Redirect www and non-www addresses enabled, or have set Redirect this (old) domain name to the new one? Basically the same as above. These will cause redirects unless you use the exact domain name (note that example.com and www.example.com are two different Fully Qualified Domains!).

Given the HTTP 405 I am pretty darn sure you are using some custom .htaccess code which blocks the Joomla API. The really bad (both as an idea, and as an execution) .htaccess code I had seen a couple of years ago that was blocking the Joomla JSON API would indeed let GET requests through and only block all other verbs. Completely idiotic, as it wouldn't address the security issue if it existed (a GET request could've exposed private information), the issue was already fixed weeks before that code started floating around, and if someone really wanted to disable the Joomla API they could just unpublish all webservices plugins

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 30 March 2026 08:22 CDT

smartweb

Hi Nicholas,

Thank you very much for your detailed feedback. I really appreciate it when I feel that someone is enthusiastic about the project.

Thanks to your help, I’ve been able to resolve the issue. The cause was indeed the setting “Redirect www and non-www addresses.” When calling the API, the URL was accidentally (or automatically by the AI) entered with “www.”. Consequently, the request was redirected to the domain without “www.”, which caused this error.

This had no effect on GET requests, only on POST actions. Thank you very much for your support.

Best regards
Stefan

 

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!