according to the latest wiki info: http://wiki.nginx.org/Pitfalls#Taxing_Rewrites `return 301` is preferred over a rewrite. also, the 'security' regex breaks some official extensions because it will match and deny access to `/ext/phpbb`. looking through the names of dirs and files containing `phpbb`, it looks like the intent of the regex was to only disallow the folder `phpbb` in the root dir and not other `/phpbb` matches. a negative lookbehind was added to specifically not match `/ext/phpbb` but still match other occurrences of `/phpbb`. Tracker ticket: https://tracker.phpbb.com/browse/PHPBB3-15385