Deny rules not working - raw php files being served!

Hi all,

I’m using a pretty simple WordPress nginx config that is documented on
WordPress codex.

All works fine except for 1 critical aspect.

The config uses a restrictions.conf which has some fairly simple rules
blocking unauthorized access to specific files and file patterns like

Deny all attempts to access hidden files such as .htaccess, .htpasswd,

.DS_Store (Mac).

Keep logging the requests to parse later (or to pass to firewall

such as fail2ban)
location ~ /. {
deny all;

What I’ve found is rather than actually denying requests, raw php files
being served up via nginx - which is very odd.

Any ideas why this would be happening?


Posted at Nginx Forum:,237177,237177#msg-237177

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs