Passing / denying PHP requests

Francis Daly francis at
Wed Oct 23 18:41:26 UTC 2013

On Wed, Oct 23, 2013 at 11:32:33AM -0700, Paul N. Pace wrote:
> On Wed, Oct 23, 2013 at 9:49 AM, Francis Daly <francis at> wrote:

Hi there,

> "location ~ php$ { deny all; }" does not deny access to any php files,
> even when nested in "location ^~ /installdirectory/ {}". The previous
> configuration "location ~* installdirectory/.*\.php$ { deny all; }"
> did block access to all php files. The ".*\." - is that why one works
> and the other doesn't?

I suspect not.

What "location" lines do you have in the appropriate server{} block in
your config file?

What one request do you make?

>From that, which one location{} block is used to handle this one request?

> > for how the one location{} is chosen to
> > handle a request.
> I read through the explanation of the location directive,
> but it isn't helping me with understanding how to build the deny
> statement.

Do whatever it takes to have these requests handled in a known location{}

Put the config you want inside that block.

If you enable the debug log, you will see lots of output, but it will tell
you exactly which block is used, if it isn't clear from the "location"


Francis Daly        francis at

More information about the nginx mailing list