Sanity check of my config - is it secure?

António P. P. Almeida appa at perusio.net
Thu May 26 23:46:50 MSD 2011


On 26 Mai 2011 20h36 WEST, nginx-forum at nginx.us wrote:

> Thanks, in your opinion what's the best way to approach this? I
> basically want to ensure that our static.domain.com subdomain ONLY
> servers image/js/css files.
>
> Whilst I have set 'location' for only the folders which have images,
> etc in, I want to ensure that if someone put a script into one of
> those directories, it would not be executed.

If I understood correctly: there's no need to worry then. If there's
no embedded interpreter (Perl/Lua) or a fastcgi backend configured on
that vhost. There's no way that someone will be able to run a script
from the web there.

--- appa




More information about the nginx mailing list