Hi, I have been having issues accessing fields for content types in Drupal and I pinpointed this to be a problem with the recipe I used (https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/).

The issue is when accessing tag fields (e.g. path `/admin/structure/types/manage/event/fields/node.event.field_tags`), the path has 'tag' in the name and in the recipe this is included to the filter for throwing 404 error,

```
# Protect files and directories from prying eyes.
location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|/(\.(?!well-known).*)|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config$|/#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
deny all;
return 404;
}
```

By removing the 'Tag' I can access it.

So the question, will it worsen the security for my website? (I don't think so tbh)
Also, is there a workaround for this, like enforcing case sensitive characters or something like this, maybe someone has been in a similar situation?