CA Policies return 500 Internal Error when a method from GET,POST,PUT, and DELETE is not allowed but we try to call from Postman. Is there any way to return the 405 method not allowed when method is not checked on the policy?

10.1 and 11.1

There are two ways of achieving it obviously by doing customization as to which ever way is convenient for you .

Message Request has a uri and it comes to

---> tomcat which is basically the listen port 
----> Message received (all messages) for example /eee/fff/ddd(names of the service)

all posts Look at the specific uri for example /xxxx -> method post -> you fail the service

1.----> Service (if methods not checked it doesn't enter the policy) and you need to apply custom logic over there .

2. -----> If the method is checked it executes the policy...
No need for uri as your uri already resolved. request.http.method == post custom fail error response and stop processing .

To summarize it would be better if you check in the method (patch) inside the service property of the specific service and that should resolve the url and give you expected error message that you desire .