When attempting to POST data to a .txt file (or other static resources) in IIS7, you'll encounter the HTTP 405 "Method Not Allowed" error. This occurs because IIS by default restricts POST operations to dynamic handlers (like ASP.NET) while blocking them for static files.
The most effective solution involves modifying IIS's handler mappings. Here's the technical implementation:
<configuration>
<system.webServer>
<handlers>
<add name="TxtPostHandler"
path="*.txt"
verb="POST"
type="System.Web.DefaultHttpHandler"
preCondition="integratedMode" />
</handlers>
</system.webServer>
</configuration>
Option 1: Web.config Modification
Add the above XML snippet to your application's web.config file. This creates a specific handler for POST requests to .txt files.
Option 2: IIS Manager GUI
- Open IIS Manager
- Navigate to your site or application
- Open "Handler Mappings"
- Click "Add Managed Handler"
- Configure:
- Name: TxtPostHandler
- Path: *.txt
- Verb: POST
- Type: System.Web.DefaultHttpHandler
After enabling POST to .txt files, implement these security measures:
<system.webServer>
<security>
<requestFiltering>
<fileExtensions>
<add fileExtension=".txt" allowed="true" />
</fileExtensions>
<verbs>
<add verb="POST" allowed="true" />
</verbs>
</requestFiltering>
</security>
</system.webServer>
Use this cURL command to verify your setup:
curl -X POST -d "test=data" http://yoursite.com/test.txt
Expected response should be HTTP 200 (not 405) if configured correctly.
- Inheritance conflicts: Check parent web.config files for conflicting rules
- Handler precedence: Ensure no higher-priority handlers intercept the request
- Authentication: Anonymous authentication must be enabled for static files
For Facebook canvas apps specifically, consider creating a POST endpoint that writes to the text file:
// FBPostHandler.ashx
public void ProcessRequest(HttpContext context)
{
if (context.Request.HttpMethod == "POST")
{
string data = context.Request.Form["fb_signed_request"];
File.WriteAllText(context.Server.MapPath("~/data.txt"), data);
}
}
When Facebook apps make POST requests to your server through iframes, IIS7 typically blocks these attempts for static files like .txt with HTTP 405 errors. This occurs because:
- Static file handlers are configured for GET/HEAD by default
- WebDAV module may intercept and reject POST requests
- Request filtering can block certain verbs
1. Handler Mapping Modification
Add POST verb to the static file handler in web.config:
<system.webServer>
<handlers>
<add name="StaticFile_POST"
path="*.txt"
verb="GET,HEAD,POST"
type="System.Web.StaticFileHandler"
resourceType="File" />
</handlers>
</system.webServer>
2. WebDAV Module Removal
If WebDAV is causing interference (common in IIS7):
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
</handlers>
</system.webServer>
3. Request Filtering Adjustment
Modify request filtering to allow POST:
<system.webServer>
<security>
<requestFiltering>
<verbs allowUnlisted="true">
<add verb="POST" allowed="true" />
</verbs>
</requestFiltering>
</security>
</system.webServer>
Verify with this CURL command:
curl -X POST http://yourserver.com/test.txt -d "testdata"
Or with PowerShell:
Invoke-WebRequest -Uri "http://yourserver.com/test.txt" -Method Post -Body "testdata"
For specific directories only:
<location path="fb_callback">
<system.webServer>
<handlers>
<add name="FB_POST_Handler"
path="*.txt"
verb="POST"
type="System.Web.StaticFileHandler"
resourceType="File" />
</handlers>
</system.webServer>
</location>