Best way to only allow specific file extensions?

Nick Pearson nick.pearson at gmail.com
Tue Mar 9 07:21:46 MSK 2010


Looks like your regex is still wrong.  At the beginning, this:

    ^(\/|\.html|\.jpg [...]

is saying:

    [beginning of URI] then [/ OR .html OR .jpg ...]

I think what you meant was for the first slash to be outside the parens:

    ^\/(\.html|...

However, I think what you really want is to get rid of the ^ and the
leading slash altogether, and just focus on how the URI ends:

    (\.html|\.jpg|\.php|\.png|\.css|\.ico|\.js|\.swf|\.gif|robots\.txt)$

Otherwise, your regex will only match things like "/.html" and
"/.jpg".  The only one that would work with the ^ and leading slash is
"/robots.txt".

Nick


On Mon, Mar 8, 2010 at 3:57 PM, David Taveras <d3taveras38d3 at gmail.com> wrote:
> Hello Cliff,
>
> I tried your suiggestion however at the end it is allowing any file
> extension and it is still letting in unrecognized extensions.
>
> Thanks
>
> David
>
>
> On Mon, Mar 8, 2010 at 4:01 PM, Cliff Wells <cliff at develix.com> wrote:
>> On Mon, 2010-03-08 at 15:39 -0500, David Taveras wrote:
>>> Hello,
>>>
>>> Iam running a reverse proxy and I would like only to relay certain
>>> type of extensions to the backend.. (and ofcourse any directory)
>>>
>>>       location / {
>>>         proxy_pass  http://www.domain.org:80/;
>>>         proxy_pass_header  Set-Cookie;
>>>         proxy_set_header  X-Real-IP  $remote_addr;
>>>
>>>       }
>>>
>>>      ## Only allow these file types to document root
>>>       location / {
>>>         if ($request_uri ~*
>>> (^\/|\.html|\.jpg|\.php|\.png|\.css|\.ico|\.js|\.swf|\.gif|robots\.txt)$
>>> ) {
>>>           break;
>>>         }
>>>         return 444;
>>>       }
>>
>> You can use regular expressions in the location, no need for separate
>> "if":
>>
>> location ~ ^(\/|\.html|\.jpg|\.php|\.png|\.css|\.ico|\.js|\.swf|\.gif|robots\.txt)$ {
>>  return 444;
>> }
>>
>> Also, double-check your regex.  It looks like you've misplaced your
>> parens in the original, you have (^...)$ and it should be ^(...)$.
>>
>> Regards,
>> Cliff
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://nginx.org/mailman/listinfo/nginx
>>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>



More information about the nginx mailing list