Only allow certain file extensions?

Igor Sysoev is at rambler-co.ru
Wed Feb 25 09:34:18 MSK 2009


On Tue, Feb 24, 2009 at 09:58:46PM -0800, Rt Ibmer wrote:

> What is the best way to enforce that nginx only serves content to a list of known good extensions (like .php, .css, .xml, .jpg etc) and does a deny all on all other page types?
> 
> I was thinking of using a location block for this, like so:
> 
> location NOT ~* regex_with_valid_extensions {
>         access_log  /deny.log   main;
>         deny all;
>     }
> 
> But I wasn't sure how to do a NOT (make the regex match if the regex was false). Also I was thinking perhaps there is a better way?
> 
> In summary I have two rules.  Rule #1 is that certain known bad extensions I want blocked, for example .xyz.  Rule #2 is that I want to allow only good known extensions, like .htm, .css, .jpg, .gif etc.
> 
> So I want my rule to be that it cannot match the denied extension(s) and it must also pass the allowed extensions.
> 
> I know it is a bit repetitive because since .xyz would not be in the allowed extensions then it would by default be blocked.  But just to be certain I'd like it to work this way.
> 
> Any suggestions on the best approach to do this, without then messing up the subsequent location blocks from matching?


     location / {
         ...
     }

     location ~ \.(htm|css|jpg|gif)$ {
         ...
     }

     location ~ \.php$ {
         ...
     }

     location ~ \.[^\.]+$ {
         deny all;
     }


-- 
Igor Sysoev
http://sysoev.ru/en/
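
An added example, not part of the original message or of nginx itself: a small Python model of how nginx selects a location for the configuration in the reply above (regex locations are tested in config order, the first match wins, and `location /` is used only when none match). It ignores nginx's URI decoding and normalization; the labels and sample URIs are constructed for illustration.

```python
import re

# Regex locations from the reply, in the order they appear in the config.
# The labels ("static", "php", "deny") are names made up for this example.
REGEX_LOCATIONS = [
    ("static", re.compile(r"\.(htm|css|jpg|gif)$")),
    ("php", re.compile(r"\.php$")),
    ("deny", re.compile(r"\.[^\.]+$")),
]

# Constructed sample requests covering the allow list and its edge cases.
SAMPLE_URIS = [
    "/index.htm",             # allowed extension
    "/app/index.php?id=1",    # query string is not part of the match
    "/backup.xyz",            # unknown extension
    "/upload/report.php.xyz", # only the last extension counts
    "/photo.JPG",             # "~" is case-sensitive ("~*" would not be)
    "/.htpasswd",             # dotfile
    "/README",                # no dot at all
    "/docs/",                 # directory request
    "/v1.2/status",           # dot in an earlier path segment
    "/index.php/extra",       # PATH_INFO-style suffix
]


def select_location(uri: str) -> str:
    """Simplified model of nginx location selection for this config only."""
    path = uri.split("?", 1)[0]  # locations match the path, not the query
    for label, pattern in REGEX_LOCATIONS:
        if pattern.search(path):
            return label  # first matching regex location wins
    return "prefix /"  # no regex matched: fall back to "location /"


def classify(uris):
    """Map each URI to the location block that would handle it."""
    return {uri: select_location(uri) for uri in uris}


if __name__ == "__main__":
    for uri, location in classify(SAMPLE_URIS).items():
        print(f"{uri:26} -> {location}")
```

Requests with no dot in the path (`/README`, `/docs/`) never reach the catch-all and are handled by `location /`, so whatever that block serves is outside the extension allow list. The catch-all also denies paths where the dot sits in an earlier segment (`/v1.2/status`) or where extra path follows the extension (`/index.php/extra`).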




