Lighttpd

icy wrote:

Why should it respond with something else than 501 if it does not understand the method?
The behavior is completely fine.

I think the first need check for a file or authorization and send different errors status instead of one, it will be more informative.

p.s.
I want to move my project from apache (in apache return 404 abd 401) to lighttpd but this thing blocked me.

Well I don't agree. The method specifies how the webserver handles the given request. Why should it check if a file exists and then decide how to handle it? It makes no sense. There can be methods that create content and don't request it, how would you handle this case?
So again, the current behavior is fine.

if a server doesn't understand a method, a 404 is definitely not appropriate (for example, 404 for PUT would be plain stupid).

But i guess mod_auth should probably trigger for all methods, as some module other than static file could handle it if mod_auth let it through.

If my understanding of the current status is correct, mod_auth does trigger a 401, but it gets overwritten in connections.c:453 with 501.

Setting con->mode = p->id instead of DIRECT in mod_auth.c line 278 should fix it.