nginx - 排除除两个文件之外的所有文件

Question

我需要允许在我的Nginx 1.6.0 Web服务器上访问2个文件：

[www.example.com/piwik.php] [1]

[www.example.com/piwik.js] [2]

其他一切都需要被阻止。使用正确的位置指令是什么？我有以下内容，它只是部分工作：

# allow everyone to access piwik.php
location ~ /piwik.php$ {
    fastcgi_pass   unix:/var/run/php5-fpm.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include        fastcgi_params;
}

# allow everyone to access piwik.js
location ~ /piwik.js$ {
  root html;
  index index.html index.htm;
}

# The below appears to allow index.php to load, but blocks
# files beneath it (e.g. js/file1.js, imgs/pic1.jpg) so the page 
# is only half-rendered and I see a bunch of 403's in my NGINX logs.
# People are still able to access the half-loaded index.php webform 
# and login!!!

location / {            
    allow 192.168.1.1
    deny all;
    root   html;
    index  index.php index.html index.htm;
}

以下访问日志：

1.2.3.4 - - [04/May/2014:20:04:22 -0400] "GET 
/libs/jquery/stylesheets/jquery.smartbanner.css?cb=ef21e462d0300ea546811bec0ee6a912 
HTTP/1.1" 403 162 "https://example.com/index.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 
7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 
Safari/9537.53"

1.2.3.4 - - [04/May/2014:20:04:22 -0400] "GET /plugins/Login/stylesheets/login.css?
cb=ef21e462d0300ea546811bec0ee6a912 HTTP/1.1" 403 162 "https://example.com/index.php" 
"Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, 
like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53"

1.2.3.4 - - [04/May/2014:20:03:15 -0400] "GET /plugins/Morpheus/images/logo.svg 
HTTP/1.1" 403 162 "https://example.com/index.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 
7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 
Safari/9537.53"

当用户尝试访问主页（index.php）时，错误如下所示。

2014/05/06 14:17:51 [error] 6917#0: *385 access forbidden by rule, client: 180.76.X.X, server: example.com, request: "GET /robots.txt HTTP/1.1", host: "example.com"

2014/05/06 15:21:47 [error] 6917#0: *392 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"

2014/05/06 15:38:24 [error] 6917#0: *398 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"

2014/05/06 19:02:45 [error] 6917#0: *412 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"

2014/05/06 20:06:04 [error] 6917#0: *413 access forbidden by rule, client: 185.4.X.X, server: example.com, request: "GET http://24x7-allrequestsallowed.com/?PHPSESSID=1rmsxtj500143PRTJWQAY%40D%5EJFSX HTTP/1.1", host: "24x7-allrequestsallowed.com"

2014/05/06 20:09:22 [error] 6917#0: *414 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"