Best way to only allow specific file extensions?

Igor Sysoev igor at sysoev.ru
Tue Mar 9 10:38:24 MSK 2010 

On Mon, Mar 08, 2010 at 09:39:27PM -0800, Cliff Wells wrote:

> Okay, so if I understand you, you want:
> 
> 1) all requests for particular extensions and directories to be proxied
> to a backend
> 
> 2) everything else to return 444
> 
> 
> location ~ (/?|\.html$|\.jpg|\.php|\.png|\.css|\.ico|\.js|\.swf|\.gif|robots\.txt)$ {
>     proxy_pass  http://www.domain.org:80/;

-     proxy_pass  http://www.domain.org:80/;
+     proxy_pass  http://www.domain.org:80;

> }
> 
> location / { return 444; }
> 
> 
> Is that closer to what you want?
> 
> Cliff
> 
> On Mon, 2010-03-08 at 16:57 -0500, David Taveras wrote:
> > Hello Cliff,
> > 
> > I tried your suiggestion however at the end it is allowing any file
> > extension and it is still letting in unrecognized extensions.
> > 
> > Thanks
> > 
> > David
> > 
> > 
> > On Mon, Mar 8, 2010 at 4:01 PM, Cliff Wells <cliff at develix.com> wrote:
> > > On Mon, 2010-03-08 at 15:39 -0500, David Taveras wrote:
> > >> Hello,
> > >>
> > >> Iam running a reverse proxy and I would like only to relay certain
> > >> type of extensions to the backend.. (and ofcourse any directory)
> > >>
> > >>       location / {
> > >>         proxy_pass  http://www.domain.org:80/;
> > >>         proxy_pass_header  Set-Cookie;
> > >>         proxy_set_header  X-Real-IP  $remote_addr;
> > >>
> > >>       }
> > >>
> > >>      ## Only allow these file types to document root
> > >>       location / {
> > >>         if ($request_uri ~*
> > >> (^\/|\.html|\.jpg|\.php|\.png|\.css|\.ico|\.js|\.swf|\.gif|robots\.txt)$
> > >> ) {
> > >>           break;
> > >>         }
> > >>         return 444;
> > >>       }
> > >
> > > You can use regular expressions in the location, no need for separate
> > > "if":
> > >
> > > location ~ ^(\/|\.html|\.jpg|\.php|\.png|\.css|\.ico|\.js|\.swf|\.gif|robots\.txt)$ {
> > >  return 444;
> > > }
> > >
> > > Also, double-check your regex.  It looks like you've misplaced your
> > > parens in the original, you have (^...)$ and it should be ^(...)$.


-- 
Igor Sysoev
http://sysoev.ru/en/

More information about the nginx mailing list