Sanity check of my config - is it secure?

António P. P. Almeida appa at
Thu May 26 23:32:10 MSD 2011

On 26 Mai 2011 20h22 WEST, nginx-forum at wrote:

You're letting the reverse logical style of mod_rewrite and .htaccess
color your perception.

In Nginx things operate in a forward logical way:

1. Define which extensions you want to allow, e.g.:

# anchored with $ and no empty alternative, so only a listed final
# extension matches
location ~* \.(?:jpe?g|png|ico|gif|css|js)$ {
  # serve the files
}

location ~* (which extensions are going to be blocked) {
  return 444;
}

Mind you that relying solely on the file extension is a rather weak
way of filtering files. You can tamper with the file magic number quite

> Can anyone help with the above request, regarding checking if a
> filename DOESNT match the whitelist above (block all other
> filetypes)

--- appa
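
The whitelist-then-deny pattern discussed in this message, written out as a complete server block. This is an added illustration, not part of the original message; it assumes a static-only site, and `example.com`, the `root` path and the `location = /` index handling are placeholders.

```nginx
# Added example. Assumes a static-only site; names and paths are placeholders.
server {
    listen 80;
    server_name example.com;        # placeholder
    root /var/www/example;          # placeholder

    # Extension filtering says nothing about file contents, so tell browsers
    # to honor the Content-Type nginx derives from the extension instead of
    # sniffing the body. Declared at server level so it applies to the
    # locations below that serve files.
    add_header X-Content-Type-Options nosniff;

    # Exact match for the site root, served from a fixed file (assumption:
    # the site has an index.html).
    location = / {
        try_files /index.html =404;
    }

    # Whitelist: only URIs that END in one of these extensions are served.
    # The trailing $ matters: without it, /upload/x.js.php would match on
    # ".js". An empty alternative such as "js|)" would match any URI
    # containing a dot.
    location ~* \.(?:jpe?g|png|ico|gif|css|js)$ {
        try_files $uri =404;
    }

    # Regex locations are tried before this prefix location is used, so any
    # request the whitelist did not match ends up here. This is the
    # "block all other filetypes" case, with no negated regex needed.
    location / {
        return 444;                 # nginx-specific: close without a response
    }
}
```

Validate the file with `nginx -t` before reloading.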
