Request Filtering not Filtering Verb Request

I'm trying to filter out two verbs (OPTIONS and PROPFIND) to prevent an issue with Office asking for credentials when attempting to open an Office document (http://support.microsoft.com/kb/2019105/en-us) from occurring.  The overwhelming advice given out is to simply disable those two verbs and it should be resolved.  Okay, fire up the console, jump into Request Filtering, select HTTP Verbs and Deny OPTIONS and PROPFIND by setting them to false.  When I do that the web.config document gets created and looks like this:

 

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <requestFiltering>
                <verbs>
                    <add verb="OPTIONS" allowed="false" />
                    <add verb="PROPFIND" allowed="false" />
                </verbs>
            </requestFiltering>
        </security>
    </system.webServer>
</configuration>

 

Cool.  Looks good.  Access the site, try to open the file and I see this in the logs:

 

2012-11-02 15:25:54 10.1.6.116 GET / - 443 - 10.1.4.86 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+.NET4.0E;+InfoPath.3) 401 2 5 0
2012-11-02 15:26:00 10.1.6.116 GET / - 443 administrator 10.1.4.86 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+.NET4.0E;+InfoPath.3) 200 0 0 202
2012-11-02 15:26:01 10.1.6.116 GET /document.doc - 443 administrator 10.1.4.86 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+.NET4.0E;+InfoPath.3) 304 0 0 202
2012-11-02 15:26:04 10.1.6.116 OPTIONS / - 443 - 10.1.4.86 Microsoft+Office+Protocol+Discovery 404 6 0 0
2012-11-02 15:26:04 10.1.6.116 OPTIONS / - 443 - 10.1.4.86 Microsoft+Office+Protocol+Discovery 404 6 0 0
2012-11-02 15:26:18 10.1.6.116 OPTIONS / - 443 - 10.1.4.86 Microsoft+Office+Word+2013 404 6 0 187
2012-11-02 15:26:20 10.1.6.116 HEAD /document.doc - 443 - 10.1.4.86 Microsoft+Office+Word+2013 401 2 5 0
2012-11-02 15:26:20 10.1.6.116 HEAD /document.doc - 443 - 10.1.4.86 Microsoft+Office+Word+2013 401 2 5 202
2012-11-02 15:26:23 10.1.6.116 HEAD /document.doc - 443 - 10.1.4.86 Microsoft+Office+Word+2013 401 2 5 202
2012-11-02 15:26:23 10.1.6.116 HEAD /document.doc - 443 - 10.1.4.86 Microsoft+Office+Word+2013 401 2 5 202
2012-11-02 15:26:23 10.1.6.116 HEAD /document.doc - 443 - 10.1.4.86 Microsoft+Office+Word+2013 401 2 5 202

 

Which pretty clearly shows that OPTIONS verb somehow getting through and causing Word to pop an authentication dialogue up.  I've removed and readded the filter too many times to count.  I've blown the web.config document away, recreated it by hand, added items by hand.  I've used the code here (http://blogs.msdn.com/b/netman/archive/2010/09/19/authentication-prompts-when-opening-microsoft-office-documents-on-anonymous-sharepoint-sites.aspx) which shows using <verbs applyToWebDAV="false"> instead of just <verbs> and still... That damn OPTIONS verb is not being denied...  Any suggestion of what I might be missing?