That helped. I ended up moving the directory to the public_html domain folder. I then mapped the directory name to an internal location of the same name with a mapping very similar to that Nginx config. I used the default include file formatting ‘nginx.conf_xaccelredirect’ and I had to remove the trailing slashes for the root path which is an absolute path to directory. Because I always use Nginx and apache I opted to making sure the firewall does not allow direct access to 8080 or any of the apache2 ports. With those changes the files can now be served via the php header 'X-Accel-Redirect: ’ with the directory name and then the path to the authorized file. I have confirmed that accessing the directory directly results in the expected 404 I have also be able to access the file from the php now too. Its likely better to use Nginx to guard this directory rather than the fs or any other means since it is served just after some php authorization checking. Thanks for your help it set me in the right direction.