I have a site where there is no legitmate use of the HTTP POST method (or anything other than GET/HEAD).
limit_except
is usually used for method restriction, but only produces 403 responses, not 405.
There's a Stack Overflow
question that notes this.
There's a 2015 blog post
that suggests something like the following (which I needed to modify to get the Allow:
header to appear):
server {