ngx_http_dav_module disable_symlink question

Eckart Haufler Eckart.Haufler at
Tue Jul 26 07:39:29 UTC 2022

We want to use the ngx_http_dav_module with the nginx server (1.21) on a linux machine.
For security reasons, we would like to forbid to follow symbol links (e.g. for the case  of accidental symbol links to directories like  root /    ).
The nginx directive “disable_symlinks“  looked promising.  It suppresses the download of files, but  “MOVE” or “DELETE” seems not to be blocked.
Also the documentation says  “ngx_http_autoindex_module<>, ngx_http_random_index_module<>, and ngx_http_dav_module<> modules currently ignore this directive.”
Is this planned or resolved on some newer release branches – or are there other settings to achieve better protection?

Thanks for any hints!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx-devel mailing list