location /administrator/ {
allow 1.1.1.1;
allow 2.2.2.2;
deny all;
I tried to use that configuration. If someone accessing
www.domain.com/administrator/ it's forbidden.
But if someone accessing www.domain.com/administrator/index.php they can
execute it
Is there somethink I've missed?