I would like to restrict a location block to only POST requests. I
think should be able to do this using limit_except, but I am not sure
if I should allow all; or deny all;

location @backends {
passenger_enabled on;
}

location /transfers {
limit_except POST {

}

upload_pass @backends;
upload_store /data/nginx_tmp;
upload_store_access all:r;

# Pass these parameters to rails, information about the file.
upload_set_form_field $upload_field_name[filename] "$upload_file_name";
upload_set_form_field $upload_field_name[local_path] "$upload_tmp_path";

# Pass these generated parameters to rails.
upload_aggregate_form_field $upload_field_name[size] "$upload_file_size";

# Allow the remaning parameters to pass though unmolested.
upload_pass_form_field "^.*$";
}

This will allow GET to /transfers to go straight to Rails, but POSTs
are run through the upload_module.