Sanity check of my config - is it secure?
António P. P. Almeida
appa at perusio.net
Fri May 27 00:42:55 MSD 2011
On 26 May 2011 21h30 WEST, nginx-forum at nginx.us wrote:
> Thanks for the advice
> Seems strange that this isn't an easy thing to do. After all, ALL
> security advice always recommends whitelisting what you want and
> denying everything else!
The config with two regex locations nested did that. But if you're
asking for a *catch all* regex that blocks every other extension
besides css, js, &c, then you're thinking in terms of the
complement of the set of allowed extensions.
It's easier to enunciate the negative than the positive, due to the
fact that you're "searching" a wide space.