diff --git a/images/nginx-drupal/drupal.conf b/images/nginx-drupal/drupal.conf
index d5bb74c90..09813c0aa 100644
--- a/images/nginx-drupal/drupal.conf
+++ b/images/nginx-drupal/drupal.conf
@@ -17,6 +17,15 @@ server {
   location / {
     include /etc/nginx/conf.d/drupal/location_prepend*.conf;
 
+    ## This has to come before any *.txt path-based blocking
+    ## Support for the securitytxt module
+    ## http://drupal.org/project/securitytxt.
+    ## RFC8615 standard path.
+    location ~* /\.well-known/security\.txt(\.sig)?$ {
+      access_log off;
+      try_files $uri @drupal;
+    }
+
     ## Do not allow access to .txt and .md unless inside sites/*/files/
     location ~* ^(?!.+sites\/.+\/files\/).+\.(txt|md)$ {
       deny all;
@@ -121,14 +130,6 @@ server {
     log_not_found off;
   }
 
-  ## Support for the securitytxt module
-  ## http://drupal.org/project/securitytxt.
-  ## RFC8615 standard path.
-  location ~* ^/\.well-known/security\.txt(\.sig)?$ {
-    access_log off;
-    try_files $uri @drupal;
-  }
-
   ## Support for the robotstxt module
   ## http://drupal.org/project/robotstxt.
   location = /robots.txt {