Sanity check of my config - is it secure?

António P. P. Almeida appa at
Fri May 27 00:20:57 MSD 2011

On 26 Mai 2011 21h10 WEST, nginx-forum at wrote:

> Thanks people
> So there's no way to say "If the file ISNT a jpeg/gif/css/js"
> deny. The only way is to say 'if .php' deny, 'if .txt deny' etc?
> I'd prefer to whitelist the files i DO want to return and block
> everything else, incase I forget something to block?

Try this: 

location ~* /static_files_dir/(?:[^.]*)\.(?<extension>.*)$ {
  if ($extension !~ (jpe?g|png|gif|ico|css|js)) {
    return 444;

It's rather ugly :(

--- appa

PS: No need to use ?: in the if condition.

More information about the nginx mailing list