Sorry, this should be dead simple but it's not working for me...

I have a directory, called 'php', within my main directory which
contains fragments of HTML to be included in my main pages (either by
SSI or by PHP includes). I do not want any of these fragments to be
directly accessible by a browser. That is, I want
'http://www.mysite.com/php/fragment.html' to fail.

I have the following in my nginx.conf, but it doesn't work -
'http://www.mysite.com/php/fragment.html' still brings up the fragment
in the browser. What do I need to do? (And, on a completely separate
note, do I have to specify the full path to the root in each of my
hosts, or is there some shortcut for this)?

server {
server_name www.mysite.com;
listen 80;

location /php {
root /var/www/nginx-default/www.mysite.com;
deny all;
}

}


JM