Sanity check of my config - is it secure?

António P. P. Almeida appa at
Thu May 26 23:59:31 MSD 2011

On 26 Mai 2011 20h49 WEST, nginx-forum at wrote:

> I presume in that case, if there was a script and no interpreter, it
> would just display the contents of the file - which again could be a
> security risk.

> So I need to perhaps limit the mime types that can be served, or the
> file extensions - which ever is most secure?

Do both. That's my advice. Regarding the later, something along the
lines of:

location ^~ /static_files_dir/ {
  location ~* /static_files_dir/.+\.(?:jpe?g|png|gif|ico|css|js)$ {
     expires 30d;

  location ~* /static_files_dir/.*\.php$ {
     return 444; # return an empty response for a php file

--- appa

More information about the nginx mailing list