<div>
                    <span style="font-size: 12px;">Hi,</span>
                </div><div><span style="font-size: 12px;"><br></span></div><div><span style="font-size: 12px;">I have a question with this POC:</span></div><div><span style="font-size: 12px;"><br></span></div><div><blockquote type="cite"><div>location /protected/ {</div><div>deny all;</div><div>}</div><div><br></div></blockquote></div><div><blockquote type="cite"><div>location ~ \.php$ {</div><div>fastcgi_pass ...</div><div>}</div></blockquote><div><br></div><div><span style="font-size: 12px;">These locations own different </span>priorities, <a href="http://nginx.org/en/docs/http/ngx_http_core_module.html#location">http://nginx.org/en/docs/http/ngx_http_core_module.html#location</a></div></div><div><br></div><div><span style="font-size: 12px;">I think every request like “/protected/hello.php” can bypass this security restriction like “location /protected {deny all;}”.</span></div><div><span style="font-size: 12px;"><br></span></div><div><span style="font-size: 12px;">Is there something wrong with this POC </span>description or something I misunderstand? Thanks.</div><div><br></div><div><span style="font-size: 12px;">Regards.</span></div><div><span style="font-size: 12px;"><br></span></div><div><span style="font-size: 12px;">yzprofile</span></div><blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;"><span><div><div></div></div></span>
                 
                 
                 
                 
                </blockquote>
                 
                <div>
                    <br>
                </div>