Yeah, it’s almost certainly some piece of hardware or software in your stack that’s blocking those. It’s not uncommon for web servers, firewalls, or web application filters to introspect HTTP and block requests that use HTTP methods they don’t think should be used for security. I know IIS has filters for allowed verbs, but I don’t have IIS7 in front of me at the moment to find it.
Your best bet will be to trace the network traffic all the way through from the client to the server and confirm at each point that the traffic was not blocked. Of course, IT cooperation is a must there
ColdBox Platform Evangelist
Ortus Solutions, Corp