according to the latest wiki info:
http://wiki.nginx.org/Pitfalls#Taxing_Rewrites
`return 301` is preferred over a rewrite.
also, the 'security' regex breaks some official extensions because it
will match and deny access to `/ext/phpbb`.
looking through the names of dirs and files containing `phpbb`, it
looks like the intent of the regex was to only disallow the folder
`phpbb` in the root dir and not other `/phpbb` matches.
a negative lookbehind was added to specifically not match `/ext/phpbb`
but still match other occurrences of `/phpbb`.
Tracker ticket: https://tracker.phpbb.com/browse/PHPBB3-15385
The "deny" and "access" directives are IP-based in general. Both directives
only support IPv6 from nginx 0.8.22 onwards, on older versions of nginx those
directives have no effect on IPv6 requests. Thus they do not block access for
IPv6 requests.
Adding the "internal" directive blocks external access in general (both IPv4
and IPv6) and makes the web server return a status code 404 (Not Found)
response.
See:
http://nginx.org/en/CHANGEShttp://wiki.nginx.org/HttpCoreModule#internal
PHPBB3-10007
