Sometimes for security reasons we want to block user access to files with a specific extension. Below we’ll discuss the interception method under Nginx — once configured, front-end access will directly return a 403 code.

Sample code is as follows:
location ~ .*/.(jsp|php|asp|aspx|sql|dmp)$ {
deny all;
}
The above code denies access to files ending in jsp, php, asp, aspx, sql, or dmp.