Nginx allow/deny not working (403 Forbidden)


When viewing the directories containing allow/deny directives from any IP address, I get a 403 Forbidden error.

That's exactly what you told nginx to do...

You are denying everything except IPs 10.1.1.28 and 10.0.1.38.

I'm new to nginx... does anything in my configuration look incorrect?

How can we know? You don't even explain what you are trying to do...


Author: user671460

Updated on September 18, 2022

Comments

  • user671460
    user671460 almost 2 years

    I am attempting to set some allow/deny directives within nginx for a few subfolders on my server. I am modifying the /etc/nginx/sites/enabled/default file, which is listed below:

    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
    
        client_max_body_size 20M;
    
        root /usr/share/nginx/html;
        index index.php index.html index.htm;
    
        # Make site accessible from http://localhost/
        server_name localhost;
    
        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                #try_files $uri $uri/ =404;
                try_files $uri $uri/ /index.php?$args;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }
    
        location /nothingtosee {
          auth_basic "Closed Website";
          auth_basic_user_file /etc/nginx/pma_pass;
          fastcgi_buffer_size 128k;
          fastcgi_buffers 256 4k;
          fastcgi_busy_buffers_size 256k;
          fastcgi_temp_file_write_size 256k;
          fastcgi_read_timeout 240;
        }
    
        location /squirrelmail {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/squirrelmail/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
        location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /webmail {
               rewrite ^/* /squirrelmail last;
        }
    
        location /nginx_status {
          stub_status on;
          access_log   off;
          allow 10.1.1.28;
          deny all;
        }
    
        location /ill {
          allow 10.1.1.28;
          allow 10.0.1.38;
          deny all;
        }
    
        # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
        #location /RequestDenied {
        #       proxy_pass http://127.0.0.1:8080;
        #}
    
        #error_page 404 /404.html;
    
        # redirect server error pages to the static page /50x.html
        #
        #error_page 500 502 503 504 /50x.html;
        #location = /50x.html {
        #       root /usr/share/nginx/html;
        #}
    
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        #
        #       # With php5-cgi alone:
                fastcgi_pass 127.0.0.1:9000;
        #       # With php5-fpm:
        #       fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
        }
    
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
    }
    

    When viewing the directories containing allow/deny directives from any IP address, I get a 403 Forbidden error. All directories without allow/deny work fine.

    I'm new to nginx... does anything in my configuration look incorrect?

    THANKS!

  • user671460
    user671460 over 9 years
    I would like to deny access to /ill to everyone except 10.1.1.28 and 10.1.1.38. With the configuration listed above, I get a 403 error from everywhere, including .28 and .38.
  • Xavier Lucas
    Xavier Lucas over 9 years
    @user671460 Edit your post with curl's request and reply and relevant access log line, and error log content.
  • user671460
    user671460 over 9 years
    2015/03/23 12:48:46 [error] 2915#0: *1 access forbidden by rule, client: xx.xxx.xx.110, server: localhost, request: "GET /ill/ HTTP/1.1", host: "test.yourdomain.org" -- If I access it using its internal IP (10.1.1.194/ill), the allow/deny works correctly. If I access it using our test domain (test.yourdomain.org/ill), it uses xx.xxx.xx.110. I apologize for not being able to explain this better, but I do appreciate your help.
  • Xavier Lucas
    Xavier Lucas over 9 years
    @user671460 So your IP address when testing is xx.xxx.xx.110 not 10.1.1.28 nor 10.0.1.38. Not an nginx issue.
  • wurtel
    wurtel over 9 years
    So add xx.xxx.xx.110 to the allow list, simple.
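
The diagnosis reached in the comments, as an added example that is not part of the original thread: read the client address out of each "access forbidden by rule" error-log entry and replay it against the /ill rules in order, first match wins. The log lines are constructed, 203.0.113.110 is a documentation address standing in for the redacted one, and the function names are hypothetical.

```python
import ipaddress
import re

# Rules from the /ill location in the posted config, in file order.
ILL_RULES = [("allow", "10.1.1.28"), ("allow", "10.0.1.38"), ("deny", "all")]

# Matches the error-log entry nginx writes when an allow/deny rule rejects a request.
FORBIDDEN_RE = re.compile(
    r'access forbidden by rule, client: (?P<client>[^,]+), '
    r'server: [^,]+, request: "(?P<request>[^"]*)"'
)

# Constructed sample log; 203.0.113.110 stands in for the redacted client address.
SAMPLE_LOG = [
    '2015/03/23 12:48:46 [error] 2915#0: *1 access forbidden by rule, '
    'client: 203.0.113.110, server: localhost, request: "GET /ill/ HTTP/1.1", '
    'host: "test.yourdomain.org"',
    '2015/03/23 12:49:02 [error] 2915#0: *2 open() "/usr/share/nginx/html/x" failed '
    '(2: No such file or directory), client: 10.1.1.28, server: localhost, '
    'request: "GET /x HTTP/1.1", host: "10.1.1.194"',
]


def evaluate(rules, client):
    """Return (verdict, matching_rule); rules are checked in order, first match wins."""
    addr = ipaddress.ip_address(client)
    for action, target in rules:
        if target == "all" or addr in ipaddress.ip_network(target, strict=False):
            return action, f"{action} {target}"
    return "allow", None  # no rule matched, so the access module does not block


def explain_denials(log_lines, rules):
    """For each 'access forbidden by rule' entry, report the client and the rule it hit."""
    findings = []
    for line in log_lines:
        m = FORBIDDEN_RE.search(line)
        if m:
            verdict, rule = evaluate(rules, m.group("client"))
            findings.append((m.group("client"), m.group("request"), verdict, rule))
    return findings


if __name__ == "__main__":
    for client, request, verdict, rule in explain_denials(SAMPLE_LOG, ILL_RULES):
        print(f"{client} {request!r}: {verdict} (matched '{rule}')")
    print("10.1.1.28 ->", evaluate(ILL_RULES, "10.1.1.28"))
```

The address that matters is the one in the `client:` field of the log entry, which is the source address nginx sees for the connection and not necessarily the address configured on the workstation.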