Deny access per extension in multiple locations
António P. P. Almeida
appa at perusio.net
Thu Oct 7 20:35:13 MSD 2010
On 7 Out 2010 17h07 WEST, nginx-forum at nginx.us wrote:
> Hello,
>
> I have this rule in apache that denies access to some extensions in
> multiple locations.
> I have this .htaccess in some folders like uploads, docs, pdfs.
>
>
> Order allow,deny
> Deny from all
>
>
> How can I join this in one line to deny access in multiple folders
> for these extensions?
>
> I was trying this without success:
>
> location ~ /(uploads/|docs/|pdfs/)*\.(php|cgi|pl|php3|php4|php5)$ {
> root /srv/www/portaldasviagens.com/public;
> deny all;
> }
Well I would approach the problem from a different angle:
1. First I would enumerate which locations require a upstream, be it
another server or a FCGI process.
2. Then as my last location directive in the config file I would
place:
location ~* ^.+\.(?:php[3-5]*|cgi|pl) {
return 404;
}
This way there's no loophole for having PHP or Perl files being
executed outside of the specified locations.
--- appa
More information about the nginx
mailing list