diff --git a/public/templates/conf/nginxconfig.io/drupal.conf.html b/public/templates/conf/nginxconfig.io/drupal.conf.html
index 57083c4..dc567bd 100644
--- a/public/templates/conf/nginxconfig.io/drupal.conf.html
+++ b/public/templates/conf/nginxconfig.io/drupal.conf.html
@@ -1,6 +1,7 @@
 # Drupal: deny private files
-location ~ ^/sites/.*/private/ {
+location ~ ((^|/)\.|^.*\.yml$|^/sites/.*/private/|^/sites/[^/]+/.*settings.*\.php$) {
 	deny all;
+  return 404;
 }
 
 # Drupal: deny php in files
@@ -13,6 +14,14 @@ location ~ /vendor/.*\.php$ {
 	deny all;
 }
 
+# Allow image styles to be handled by the CMS.
+location ~ ^/sites/[^/]+/files/styles/ {
+    try_files $uri @rewrite;
+}
+location @rewrite {
+  rewrite ^/(.*)$ /index.php?q=$1;
+}
+
 # Drupal: handle private files
 location ~ ^(/[a-z\-]+)?/system/files/ {
 	try_files $uri /index.php?$query_string;