diff --git a/http_auth_test.go b/http_auth_test.go
index cf23b59..034b089 100644
--- a/http_auth_test.go
+++ b/http_auth_test.go
@@ -49,6 +49,22 @@ func TestProxy_allowHTTP_Bad(t *testing.T) {
 	}
 }
 
+func TestProxy_allowHTTP_MethodRestricted_Bad(t *testing.T) {
+	p := &Proxy{
+		config: &Config{
+			HTTP: HTTPConfig{},
+		},
+	}
+
+	status, ok := p.allowHTTP(&http.Request{Method: http.MethodPost})
+	if ok {
+		t.Fatal("expected non-GET request to be rejected")
+	}
+	if status != http.StatusMethodNotAllowed {
+		t.Fatalf("expected status %d, got %d", http.StatusMethodNotAllowed, status)
+	}
+}
+
 func TestProxy_allowHTTP_Ugly(t *testing.T) {
 	p := &Proxy{
 		config: &Config{
diff --git a/state_impl.go b/state_impl.go
index df9f574..1cc975f 100644
--- a/state_impl.go
+++ b/state_impl.go
@@ -643,7 +643,7 @@ func (p *Proxy) allowHTTP(r *http.Request) (int, bool) {
 	if p == nil {
 		return http.StatusServiceUnavailable, false
 	}
-	if p.config.HTTP.Restricted && r.Method != http.MethodGet {
+	if r.Method != http.MethodGet {
 		return http.StatusMethodNotAllowed, false
 	}
 	if token := p.config.HTTP.AccessToken; token != "" {