diff --git a/swift/common/middleware/tempauth.py b/swift/common/middleware/tempauth.py
index 86a32371f3..fda86a1d04 100644
--- a/swift/common/middleware/tempauth.py
+++ b/swift/common/middleware/tempauth.py
@@ -184,7 +184,7 @@ from eventlet import Timeout
 import six
 from swift.common.swob import Response, Request, wsgi_to_str
 from swift.common.swob import HTTPBadRequest, HTTPForbidden, HTTPNotFound, \
- HTTPUnauthorized
+ HTTPUnauthorized, HTTPMethodNotAllowed
 from swift.common.request_helpers import get_sys_meta_prefix
 from swift.common.middleware.acl import (
@@ -688,6 +688,9 @@ class TempAuth(object):
 """
 req.start_time = time()
 handler = None
+ if req.method != 'GET':
+ req.response = HTTPMethodNotAllowed(request=req)
+ return req.response
 try:
 version, account, user, _junk = split_path(req.path_info, 1, 4, True)
diff --git a/test/unit/common/middleware/test_tempauth.py b/test/unit/common/middleware/test_tempauth.py
index a963817612..fafeffccd5 100644
--- a/test/unit/common/middleware/test_tempauth.py
+++ b/test/unit/common/middleware/test_tempauth.py
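Review bot: The 405 built in the second tempauth.py hunk (`@@ -688,6 +688,9 @@`) carries no `Allow` header, which RFC 7231 requires on a 405 so that clients can see which method the token endpoint accepts; `req.response = HTTPMethodNotAllowed(request=req, headers={'Allow': 'GET'})` would cover it. The check also turns away HEAD, which the new test pins, so a short comment above it such as `# Tokens are only handed out for GET; refuse everything else before the path or credentials are parsed.` would record that this is deliberate. The enclosing method starts above the hunk and continues past it, so whether this early return is logged like the method's other responses cannot be confirmed from here.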
@@ -1024,6 +1024,36 @@ class TestAuth(unittest.TestCase):
 resp = req.get_response(ath)
 self.assertEqual(204, resp.status_int)
+ def test_request_method_not_allowed(self):
+ test_auth = auth.filter_factory({'user_ac_user': 'testing'})(FakeApp())
+ req = self._make_request(
+ '/auth/v1.0',
+ headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+ environ={'REQUEST_METHOD': 'PUT'})
+ resp = req.get_response(test_auth)
+ self.assertEqual(resp.status_int, 405)
+
+ req = self._make_request(
+ '/auth/v1.0',
+ headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+ environ={'REQUEST_METHOD': 'HEAD'})
+ resp = req.get_response(test_auth)
+ self.assertEqual(resp.status_int, 405)
+
+ req = self._make_request(
+ '/auth/v1.0',
+ headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+ environ={'REQUEST_METHOD': 'POST'})
+ resp = req.get_response(test_auth)
+ self.assertEqual(resp.status_int, 405)
+
+ req = self._make_request(
+ '/auth/v1.0',
+ headers={'X-Auth-User': 'ac:user', 'X-Auth-Key': 'testing'},
+ environ={'REQUEST_METHOD': 'DELETE'})
+ resp = req.get_response(test_auth)
+ self.assertEqual(resp.status_int, 405)
+
 class TestAuthWithMultiplePrefixes(TestAuth):
 """
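Review bot: The four stanzas in test_request_method_not_allowed differ only in the REQUEST_METHOD value, and none of them checks anything about the rejected response beyond its status. Folding them into `for method in ('PUT', 'HEAD', 'POST', 'DELETE'):` with `environ={'REQUEST_METHOD': method}` keeps the list of refused methods in one place and makes it cheap to add OPTIONS or an unknown verb. Since every request here carries valid credentials, it would also be worth asserting inside the loop that no token comes back, e.g. `self.assertNotIn('X-Auth-Token', resp.headers)`.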