Hi, i recently had to exploit this vuln, not for malicious purpose but for a challenge. I just have to change the request method from GET to anything... I tried it with the famous plugin for Firefox: LiveHttpHeaders, i changed GET to whatever i wanted, but still have 401 response. I tried with lots of programs: -LiveHttpHeaders -Tamper Data -RESTClient -Burp free suite v1.5 -Netcat I'm still enable to exploit it, feel like i missed something ... I'm running Windows 8 and Firefox 16.0, thanks for any help you could provide me. Edit: Solved, it was in fact a directory traversal vuln , not limit ...