I suggest you put the generic \.php$ regex location into the / default
prefix location, like :
location / {
location \.php$ {
[...]
}
}

This avoids having regex location at the first level, since they are
sensitive to order.

Why using regex locations for individual files? The following would be more
efficient:
location /myfile.php {
[...]
}

I also suggest you move redundant directives to the upper level whenever
possible, this will help maintenance.
---
*B. R.*

On Thu, Jan 8, 2015 at 11:49 PM, carlg <nginx-forum@nginx.us> wrote:

> Here is what i found to achieve this :
>
> i denied access to every php files :
>
> location ~ \.php$ {
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> fastcgi_pass unix:/var/run/php5-fpm.sock;
> fastcgi_index index.php;
> include fastcgi_params;
> allow 127.0.0.1;
> deny all;
> }
>
>
> and then i create one rule per page (takes time with some scripts, but it
> worth it :)
>
> location ~* ^/myfile.php$ {
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> try_files $uri $uri/ /index.php?q=$args;
> fastcgi_pass unix:/var/run/php5-fpm.sock;
> fastcgi_index index.php;
> include fastcgi_params;
> include /etc/nginx/naxsi.rules;
> allow all;
> }
>
> Every tutorials i found on nginx tell us to allow / deny in location /.
> ...but ^(.+\.php) is another location, not included in location /
>
> If i follow most tutorials i am still able to reach the php files inside
> the
> location / even if i denied access to all of them. Doing this way works
> great :)
>
> I hope this will help someone ... ...someday :)
> Cheers :)
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,254785,256007#msg-256007
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx