Sanity check of my config - is it secure?

António P. P. Almeida appa at
Fri May 27 00:42:55 MSD 2011

On 26 Mai 2011 21h30 WEST, nginx-forum at wrote:

> Thanks for the advice
> Seems strange that this isn't an easy thing to do. After all, ALL
> security advise always recommends whitelisting what you want and
> denying everything else!

The config with two regex locations nested did that. But if you're
asking for a *catch all* regex that blocks every other extension
besides css, js, &c, then you're thinking in terms of the
complement of the set of allowed extensions.

It's easier to enunciate the negative than the positivem due to the
fact that you're "searching" a wide space.

--- appa

> Posted at Nginx Forum:
> _______________________________________________
> nginx mailing list
> nginx at

More information about the nginx mailing list