Synopsis: Invalid request methods are processed by CGI module as GET State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Wed Aug 6 23:05:11 PDT 1997 State-Changed-Why: No, Apache is not handling it like a GET request. It is handling it like a BLAH request. If your CGI script does not properly check its environment to see what method it is being called with it should.
Also note that even if Apache rejected such requests, your configuration would still not be secure if your script didn't check the method it was being called with; eg. PUT would get past. If you want access restrictions to apply to all methods, simply leave the limit section out entirely. This horrible trend of putting needless limit statements in has no purpose but is unfortunately widespread. The method is properly set to an internal datatype of M_INVALID meaning an invalid method, but it is still processed by certain modules such as the CGI module because there is nothing stopping someone from implement and extension method which a CGI script does handle correctly.
