Nginx Settings to Block Conent/Kirby/Site Folder

Azure App services is forcing Nginx only and I have never really used it before. I tried converting the .htaccess directives to Nginx but am not 100% if this is right. Any help would be appreciated as my website says those pages are exposed.

    location /content {
        rewrite ^/content/(.*)\.(txt|md|mdown)$ /index.php break;

    location /site {
        rewrite ^/site/(.*) /index.php break;

    location /kirby {
        rewrite ^/kirby/(.*) /index.php break;

I ended up removing the location section and ended up putting the below directly in the server section and it worked. This might be useful to include in this section: Security | Kirby CMS for those of us forced to use Nginx.

    rewrite ^/content/(.*)\.(txt|md|mdown)$ /index.php last;
    rewrite ^/site/(.*) /index.php last;
    rewrite ^/kirby/(.*) /index.php last;

Instead of relying on specific server settings to keep your site files secure, you can just keep everything you don’t want publicly accessible out of the web root. This way, there’s no chance of a security breach because of a missing or incorrect setting.

Kirby allows you to configure all the folder locations used for content, storage, and everything else. I strongly recommend a setup where the web root is a sub-folder in your project (something like public/). Everything else (content, storage, blueprints, templates, etc) lives outside that folder and the web server is configured with the public/ folder as the web root. This way, anything outside that folder is not accessible over the web by default.