Sanity check of my config - is it secure?

António P. P. Almeida appa at perusio.net
Thu May 26 23:59:31 MSD 2011


On 26 Mai 2011 20h49 WEST, nginx-forum at nginx.us wrote:


> I presume in that case, if there was a script and no interpreter, it
> would just display the contents of the file - which again could be a
> security risk.

> So I need to perhaps limit the mime types that can be served, or the
> file extensions - which ever is most secure?


Do both. That's my advice. Regarding the latter, something along the
lines of:


location ^~ /static_files_dir/ {

  # static assets: long cache lifetime
  location ~* /static_files_dir/.+\.(?:jpe?g|png|gif|ico|css|js)$ {
     expires 30d;
  }

  # 444: close the connection without sending any response for a php file
  location ~* /static_files_dir/.*\.php$ {
     return 444;
  }
}

--- appa
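To show "do both" (restrict the file extensions and the MIME types served from the static directory) in one complete server block, here is an added example; it is not appa's configuration, and the server name, document root and directory name are assumptions:

```nginx
server {
    listen 80;
    server_name example.com;        # assumed
    root /var/www/example;          # assumed document root

    # ^~ means: once this prefix matches, server-level regex locations
    # (for instance a "\.php$" fastcgi handler) are never consulted for
    # these URIs, so nothing under the directory can reach an interpreter.
    location ^~ /static_files_dir/ {

        # Only these MIME types can be announced from this directory;
        # every other file is labelled as an opaque download.
        types {
            image/jpeg              jpeg jpg;
            image/png               png;
            image/gif               gif;
            image/x-icon            ico;
            text/css                css;
            application/javascript  js;
        }
        default_type application/octet-stream;

        # Stop browsers from second-guessing the declared type.
        add_header X-Content-Type-Options nosniff always;

        # Whitelisted extensions: plain static delivery, cached for 30 days.
        location ~* ^/static_files_dir/.+\.(?:jpe?g|png|gif|ico|css|js)$ {
            expires 30d;
        }

        # Nested regex locations are tried in order, so this one catches
        # every remaining request under the directory (uploaded .php,
        # backup copies, dotfiles, directory URIs) and closes the
        # connection without a response, as in the post above.
        location ~ ^/static_files_dir/ {
            return 444;
        }
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```

Run `nginx -t` after installing it; the extension whitelist decides which files are served at all, the `types` block decides how the surviving ones are labelled, and the `^~` prefix keeps the directory out of reach of any script handler defined elsewhere in the server.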



