Thanks. I should have tried it before ask. I used it once, but then replaced by a firewall solution. Now the hackers seem more intelligent, they don't request pages which are served directly by nginx. I'll try it again. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,166219,166293#msg-166293