lucy24 - 1:43 am on Jan 30, 2013 (gmt 0)
One container: first one Limit Get, Put & second Limit Get, Head to make them different ?
No. It's not like CSS where <class = "widget foobar"> means it has to be both A and B or the rule won't apply.
When two rules in Apache contradict each other, you need to know exactly where you are. Not just physically where-- i.e. different directories at different levels-- but what module, if any.
Sometimes Apache grabs the first thing that applies. A simple example is the DirectoryIndex line: as soon as it finds a match it stops, without checking to see if there's also an index.jsp or a main.php in the same directory. Other times Apache uses the last thing it meets, discarding any others. Some people have been bitten by the <Location> envelope, which can override any previous Deny.
And still other times the whole thing grinds to a crashing 500-level halt.
In the case of PUT, I should think you'd want to block almost everyone. But you may not need to do it explicitly. Just the other day my logs turned up a slew of "PUT ... html" (and assorted other extensions) that got hit with a resounding 405 requiring no effort from my side at all. Didn't even show up in error logs.