Passing / denying PHP requests

Paul N. Pace paulnpace at
Wed Oct 23 18:32:33 UTC 2013

Thank you, Francis.

On Wed, Oct 23, 2013 at 9:49 AM, Francis Daly <francis at> wrote:
> If you don't like regex, don't use regex.
> You probably want another location{} to "deny", and that might be
> "location ~ php$ {}", or it might be that nested inside
>   location ^~ /installdirectory/ {}
> depending on what else you want in the server config.

"location ~ php$ { deny all; }" does not deny access to any php files,
even when nested in "location ^~ /installdirectory/ {}". The previous
configuration "location ~* installdirectory/.*\.php$ { deny all; }"
did block access to all php files. The ".*\." - is that why one works
and the other doesn't?

> for how the one location{} is chosen to
> handle a request.

I read through the explanation of the location directive,
but it isn't helping me with understanding how to build the deny

More information about the nginx mailing list