Hello, I finally found that these configuration is the cause of breaking Nginx "deny" access feature. Before I added these into my ISPConfig additional scriplet, my site's stats page deny access as expected. After I added these to my site's Nginx configuration, Nginx does not deny access any more. Could any one explain why it is? :O Code: location ~* \.(png|jpg|jpeg|gif|woff2|svg|js|css|pdf|html|swf)$ { expires 365d; add_header Cache-Control "public, no-transform"; }
I found the culprit at last! Remove the html from the above location directive. Then, Ngnix "deny access" works again! This html just coincides and conflicts with ISPConfig's Nginx stats directive which also contains an html! However, I do not know yet the mechanism of this failure.
I don't use nginx, but I suspect that by setting this, you overrule the other rules set by ISPConfig.