Nginx how to password protect HTTP methods with limit_except + rewrite

Question

i'm trying to acheive something in nginx but i'm having a hard time. Basically i want to ask for a password everytime my api receive any HTTP methods except POST and PUT , it works to some extent because the password prompts appear when trying to send a GET , but the rewrite command is not executed and nginx doesn't pass the correct route to the API that returns a 404 ( works fine if i dont try to use limit_except).

If anyone achieved anything similar it will help me a lot!

Thanks !

     location /apis/app/{
                rewrite /apis/app/(.*) /$1 break;
                limit_except POST PUT {
                auth_basic "Restricted";
                auth_basic_user_file  /var/www/html/apps/app/.htpasswd;
                }
                proxy_pass                      http://my_adress;
                proxy_redirect          off;
                proxy_set_header        Host                            $http_host;
                proxy_set_header        X-Real-IP                       $remote_addr;
                proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto       $scheme;
                add_header      tokentooap      app;
                limit_req zone=one;
        }
        location /apps/app/{
                try_files $uri $uri/ /apps/app/index.html;}