Sanity check of my config - is it secure?
António P. P. Almeida
appa at perusio.net
Thu May 26 23:32:10 MSD 2011
On 26 Mai 2011 20h22 WEST, nginx-forum at nginx.us wrote:
You're letting the reverse logical style of mod_rewrite and .htaccess
color your perception.
In Nginx things operate in a forward logical way:
1. Define which extensions you want to allow, e.g.:
    location ~* \.(?:jpe?g|png|ico|gif|css|js)$ {
        # serve the files
    }
    location ~* (which extensions are going to be blocked) {
        return 444;
    }
Mind you that relying solely on the file extension is a rather weak
way of filtering files. You can tamper with the file's magic number quite
easily.
> Can anyone help with the above request, regarding checking if a
> filename DOESN'T match the whitelist above (block all other
> filetypes)
--- appa
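
Added example (not part of the original post, and not nginx code): a small Python model of the allow-then-block layout above, for checking a whitelist regex against sample URIs before deploying it. It assumes nginx tries regex locations in config order and uses the first match; the BLOCK_REST pattern, the function names and the sample URIs are constructed for illustration.

```python
import re

# Simplified model (assumption): nginx tests regex locations in the order they
# appear in the config and uses the first one that matches the request URI.
# These patterns use only syntax that behaves the same in Python's re and PCRE.
ALLOW_LOOSE = r"\.(?:jpe?g|png|ico|gif|css|js|)"    # empty alternative, no end anchor
ALLOW_STRICT = r"\.(?:jpe?g|png|ico|gif|css|js)$"   # closed list, anchored at the end
BLOCK_REST = r"\.[^/]+$"                            # hypothetical: any other extension

# Constructed sample request URIs.
SAMPLES = [
    "/img/logo.PNG", "/css/site.css", "/index.php", "/backup.sql",
    "/upload/photo.jpg.php", "/upload/photo.php.jpg", "/docs/",
]


def route(uri, allow_pattern, block_pattern=BLOCK_REST):
    """Return 'serve', '444' or 'fallthrough' for one request URI."""
    locations = [(allow_pattern, "serve"), (block_pattern, "444")]
    for pattern, action in locations:
        # "~*" in a location block means a case-insensitive regex match.
        if re.search(pattern, uri, re.IGNORECASE):
            return action
    # No regex location matched; a prefix location would handle the request.
    return "fallthrough"


def audit(allow_pattern):
    """Route every sample URI and return {uri: action}."""
    return {uri: route(uri, allow_pattern) for uri in SAMPLES}


if __name__ == "__main__":
    for name, pattern in (("loose", ALLOW_LOOSE), ("strict", ALLOW_STRICT)):
        print(name)
        for uri, action in audit(pattern).items():
            print(f"  {uri:24} -> {action}")
```

With the loose pattern every URI containing a dot lands in the "serve" location, so the block rule is never reached. With the strict pattern `/upload/photo.php.jpg` is still served, because only the name is checked and not the content.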