thank you for reply.. i change it to "location = /admin.php " and move it above the "location ~ \.php$ " it blocks other IPs but give file not found error for allowed Ips.. the last time I added root to admin.php location the browser promot me to download admin.php.. what can I do now ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,227281,227284#msg-227284