diff --git a/roles/nginx/templates/vhost.conf.j2 b/roles/nginx/templates/vhost.conf.j2
index a46be17..2ce762c 100644
--- a/roles/nginx/templates/vhost.conf.j2
+++ b/roles/nginx/templates/vhost.conf.j2
@@ -44,7 +44,7 @@ server {
         root /usr/share/nginx/html;
     }
 
-    location ~ \.php$ {
+    location ~ [^/]\.php(/|$) {
         # Zero-day exploit defense.
         # http://forum.nginx.org/read.php?2,88845,page=3
         # Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.