diff --git a/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php b/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php
index 86d0d3d0464cc8b164ec0c700acd29c3110457ed..73ac20a2344023a2f37ef04b8d83ea5425f53619 100644
--- a/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php
+++ b/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php
@@ -461,7 +461,7 @@ location ^~ /audio/download {
###
### Deny listed requests for security reasons.
###
-location ~* (\.(?:git|htaccess|engine|config|inc|ini|info|install|make|module|profile|test|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save))$ {
+location ~* (\.(?:git.*|htaccess|engine|config|inc|ini|info|install|make|module|profile|test|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save))$ {
access_log off;
return 404;
}
diff --git a/http/Provision/Config/Nginx/subdir.tpl.php b/http/Provision/Config/Nginx/subdir.tpl.php
index fa67d960bfc331f87810bca872e82edba5670196..c2669bcbe27dd519ed25300149b6f13815368452 100644
--- a/http/Provision/Config/Nginx/subdir.tpl.php
+++ b/http/Provision/Config/Nginx/subdir.tpl.php
@@ -442,7 +442,7 @@ location ^~ /<?php print $subdir; ?> {
###
### Deny listed requests for security reasons.
###
- location ~* (\.(?:git|htaccess|engine|config|inc|ini|info|install|make|module|profile|test|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save))$ {
+ location ~* (\.(?:git.*|htaccess|engine|config|inc|ini|info|install|make|module|profile|test|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save))$ {
access_log off;
return 404;
}