deny rule is not filtering entirely

nginx phusion-passenger

Solution 1:

This is a guess, but in the config, passenger_enabled on; is on the server level.

It is possible that this captures the requests.

Try removing the line from server level and add:

location / {
    passenger_enabled on;
}

Related

Is Google cloud platform Vmware engine VMs able to use GCP HTTP load balancer as frontend?
HAProxy - Dynamically updating SSL certs without a reload
Google Cloud Speech-to-Text API key error
How to setup own dns server
Apache VHost redirect aliases to HTTPS
Installed python script warns not on PATH
Parsing mail logs
Using SSH over high-latency connection (satellite)
Does IDs from `ls -l /dev/disk/by-id` output are unique to a disk? - DELL PERC card
How to manage local accounts on a windows office network?
Google DMARC Support, DKIM and SPF fail
"Inverse" of the inscribed angle theorem