Thanks for the advice Seems strange that this isn't an easy thing to do. After all, ALL security advise always recommends whitelisting what you want and denying everything else! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,199902,201299#msg-201299