location ~ /.ht { deny all; }
this? I understand what you are saying but don’t know how I am blocking https otherwise.