diff --git a/conf/nginx.conf b/conf/nginx.conf
index 989f093..5ece882 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -15,24 +15,22 @@ location __PATH__/ {
   client_max_body_size 100M;
 
   try_files $uri $uri/ index.php;
-  location ~ [^/]\.php(/|$) {
-    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+  location __PATH__/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php(/|$) {
+    include snippets/fastcgi-php.conf;
+    try_files $fastcgi_script_name =404;
+    fastcgi_param HTTP_PROXY "";
     fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
-
-    fastcgi_index index.php;
-    include fastcgi_params;
-    fastcgi_param REMOTE_USER $remote_user;
-    fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_param SCRIPT_FILENAME $request_filename;
   }
 
-
     ## deny access to all other .php files
     location ~* ^.+\.php$ {
         deny all;
         return 403;
     }
 
+    location __PATH__/ {
+        try_files $uri $uri/ =404;
+    }
 
     ## disable all access to the following directories
     location __PATH__/(config|tmp|core|lang) {
@@ -40,7 +38,12 @@ location __PATH__/ {
         return 403; # replace with 404 to not show these directories exist
     }
 
-        location ~ js/container_.*_preview\.js$ {
+    location __PATH__/\.ht {
+        deny  all;
+        return 403;
+    }
+
+    location ~ js/container_.*_preview\.js$ {
         expires off;
         more_set_headers "Cache-Control: private, no-cache, no-store";
     }
@@ -60,7 +63,7 @@ location __PATH__/ {
     }
 
     ## properly display textfiles in root directory
-    location ~/(.*\.md|LEGALNOTICE|LICENSE) {
+    location __PATH__/(.*\.md|LEGALNOTICE|LICENSE) {
         default_type text/plain;
     }