I have a location that I would like to protect:

location /private {
satisfy any;

allow 192.168.1.0/24;
deny all;

auth_basic "Protected";
auth_basic_user_file conf/htpasswd;
}

This works for /private /private/ and /private/somefile.html

However, when I request (GET or POST) /private/foo.php it will execute without auth.

How can I set it up so everything under /private is protected?

Thanks,
Lac