Deny access per extension in multiple locations

António P. P. Almeida appa at
Thu Oct 7 20:35:13 MSD 2010

On 7 Out 2010 17h07 WEST, nginx-forum at wrote:

> Hello,
> I have this rule in apache that denies access to some extensions in
> multiple locations.
> I have this .htaccess in some folders like uploads, docs, pdfs.
> Order allow,deny
> Deny from all
> How can I join this in one line to deny access in multiple folders
> for these extensions?
> I was trying this without success:
> location ~ /(uploads/|docs/|pdfs/)*\.(php|cgi|pl|php3|php4|php5)$ {
> root /srv/www/;
> deny    all;
> }

Well I would approach the problem from a different angle:

1. First I would enumerate which locations require a upstream, be it
   another server or a FCGI process.

2. Then as my last location directive in the config file I would

  location ~* ^.+\.(?:php[3-5]*|cgi|pl) {
          return 404;
This way there's no loophole for having PHP or Perl files being
executed outside of the specified locations.

--- appa

More information about the nginx mailing list