# block direct access to templates, XML schemas, config files, dotfiles, environment info, etc.
location ~ ^/modules/editor/(skins|styles)/.+\.html$ {
	# pass
}
location ~ ^/(addons|common/tpl|files/(faceOff|ruleset)|(m\.)?layouts|modules|plugins|themes|widgets|widgetstyles)/.+\.(html|xml|blade\.php)$ {
	return 403;
}
location ~ ^/files/(attach|config|cache)/.+\.(ph(p|t|ar)?[0-9]?|p?html?|cgi|pl|exe|[aj]spx?|inc|bak)$ {
	return 403;
}
location ~ ^/files/(env|member_extra_info/(new_message_flags|point))/ {
	return 403;
}
location ~ ^/(\.git|\.ht|\.travis|codeception\.|composer\.|Gruntfile\.js|package\.json|CONTRIBUTING|COPYRIGHT|LICENSE|README) {
	return 403;
}

# fix incorrect relative URLs (for legacy support)
location ~ ^/(.+)/(addons|files|layouts|m\.layouts|modules|widgets|widgetstyles)/(.+) {
	try_files $uri $uri/ /$2/$3;
}

# fix incorrect minified URLs (for legacy support)
location ~ ^/(.+)\.min\.(css|js)$ {
	try_files $uri $uri/ /$1.$2;
}

# fix download URL when other directives for static files are present
location ~ ^/files/download/ {
	try_files $uri $uri/ /index.php$is_args$args;
}

# all other short URLs
location / {
	try_files $uri $uri/ /index.php$is_args$args;
}