Block certain extensions preferably across virtual hosts

Igor Sysoev igor at
Mon Nov 8 14:19:49 MSK 2010

On Mon, Nov 08, 2010 at 03:36:04AM -0500, kosh wrote:

> I have been working on converting from apache to nginx and I have a
> rule
> RewriteRule \.(asp|aspx|php|jsp)$ - [F,L]
> to block all of those. What would be the best way to convert that to
> nginx and is there a way to do it in one place so that all
> virtualhosts share it? 

Place this as the first location of virtual host:

location ~ \.(asp|aspx|php|jsp)$ {
    return 403;

You may also include it as a file.

> If I could put that in one place so it applies to everything I serve
> with nginx it would be much easier to add other things to it over time.
> Mostly I want to completely block many extensions since it makes
> analyzing errors much simpler.

This is common mistake that such single place makes administration easier.
Suppose, eventually you do not need to block .php in some new site.
What will you do ?

Igor Sysoev

More information about the nginx mailing list