Sanity check of my config - is it secure?

[benseb]

For our static subdomain (which should only serve static content) I'd
like to add a whitelist of content - so if the filename doesn't match
jpg/png/gif/css/js etc it will return a 444

What's the correct syntax to do this:


location !~* \.(?:ico|css|js|gif|jpe?g|png)$ {
               #dont serve any other files
               return 444;
       }

The above doesnt work as !~* isn't allowed. What the best way to say
"not one of the following extensions". All the examples in the
documenation are the opposite?

Cheers

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,199902,199950#msg-199950