Issue php file downloading instead of executing when using deny access

[elaa]

I am denying access website only from one IP Address, so I add this code in PLESK Domains > example.com >

Apache & nginx Settings. in the Additional nginx directives section I added this code and my ip address

    location ^~ /ctst {
    allow 203.0.113.2;
    deny all;
    }

but this only denied access to /ctst but all other files inside /ctst are not denied