If you are trying to stop direct requests to a directory the best way is to remove the directory from a web accessible area and then have the script access the non web accessible area. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,1176,1213#msg-1213