limit_except strange by bug or design?

Sun Sep 13 22:54:37 MSD 2009

I have a problem with the limit_except command. I try to offer a  
public Mercurial-Repository with nginx as frontend. In short: GET is  
allowed, POST needs authentification.

In my simple mind I thought this config would fit:

_config_
         location /public/ {
                 limit_except GET {
                        auth_basic            "Authenticate";
                        auth_basic_user_file  /var/hg/hg_user;
                  }

                 set  $path_info      "";
                 if ($fastcgi_script_name ~ "^(/.+)$") {
                         set  $path_info $1;
                 }

                 include        fastcgi_params;
                 fastcgi_param  AUTH_USER          $remote_user;
                 fastcgi_param  REMOTE_USER        $remote_user;
                 fastcgi_param  SCRIPT_NAME "";
                 fastcgi_param  PATH_INFO $path_info;
                 fastcgi_pass   127.0.0.1:10040;
         }
_/config_

In praxis it ends with this situation: GET works as espected;
Trying POST ends with a timeout at clientside and this log at  
serverside:

_log_
2009/09/11 11:07:39 [error] 21423#0: *361 "/var/hg/www/public/ 
repository/index.html" is not found (2:
  No such file or directory), client: 213.170.191.78, server:  
hg.domain.com, request: "POST /public/repository/? 
cmd=unbundle&heads=3853d3bd894379d0bd69822fccdabf6b90cf53a3 HTTP/1.1",  
host: "hg.domain.com"
_/log_

the ".../index.html is not found" says to me that the fastcgi-part is  
ignored. By intention or bug. Am I right?

What is the intention of this approach? Is there a better way of  
solving this problem?

I am stumped

Micha