We have following two location blocks in our nginx.conf file, if the block about “protected” is placed before the “.php” one, then php script inside the /protected directory wont be executed as php script.

location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

location ~ ^/(protected) {
allow 127.00,1;
deny all;
auth_basic “Restricted”;
auth_basic_user_file /conf/.htpasswd;
}