Sanity check of my config - is it secure?
António P. P. Almeida
appa at perusio.net
Fri May 27 00:23:33 MSD 2011
On 26 May 2011 21h10 WEST, nginx-forum at nginx.us wrote:
> Thanks people
>
> So there's no way to say "If the file ISN'T a jpeg/gif/css/js"
> deny. The only way is to say 'if .php' deny, 'if .txt deny' etc?
>
> I'd prefer to whitelist the files I DO want to return and block
> everything else, in case I forget something to block?
>
Try this:
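    location ~* /static_files_dir/(?:[^.]*)\.(?<extension>.*)$ {
        # Anchor the whitelist so only an exact extension matches
        # (unanchored, "json" or "js.php" would pass because they contain "js").
        if ($extension !~* "^(jpe?g|png|gif|ico|css|js)$") {
            return 444;
        }
    }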
It's rather ugly :(
--- appa
PS: No need to use ?: in the if condition.
PPS: Note that if the filenames have dots '.' in them the above regex
will fail to capture the extension correctly. You're opening a can of
worms config-wise when going down this path.
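
The PPS caveat, worked through as an added example (not part of the original message): the location regex from the reply is applied to constructed URIs in JavaScript, which shares the (?<name>...) named-group syntax with PCRE, and the captured extension is tested against the whitelist both unanchored and anchored. The function names, the sample URIs and the "next-location" label are assumptions made for illustration.

```javascript
// Location regex from the reply; the "i" flag stands in for nginx's "~*".
const LOCATION = /\/static_files_dir\/(?:[^.]*)\.(?<extension>.*)$/i;
const ALLOWED = "jpe?g|png|gif|ico|css|js";
// Unanchored test: passes if the whitelist matches anywhere in the capture.
const UNANCHORED = new RegExp(`(${ALLOWED})`);
// Anchored test: passes only if the whole capture is a whitelisted extension.
const ANCHORED = new RegExp(`^(${ALLOWED})$`, "i");

// Models the decision for one URI: "next-location" when the location regex
// does not match at all, otherwise "serve" or "444" from the whitelist test.
function decide(uri, whitelist) {
  const m = LOCATION.exec(uri);
  if (m === null) return { extension: null, action: "next-location" };
  const ext = m.groups.extension;
  return { extension: ext, action: whitelist.test(ext) ? "serve" : "444" };
}

// Constructed sample URIs (not taken from the thread).
const SAMPLES = [
  "/static_files_dir/logo.png",     // plain whitelisted file
  "/static_files_dir/app.min.js",   // legitimate file with two dots
  "/static_files_dir/notes.js.php", // whitelisted token inside a longer name
  "/static_files_dir/data.json",    // extension that merely starts with "js"
  "/static_files_dir/README",       // no dot: the location never matches
];

// One row per URI: what was captured and what each whitelist test decides.
function report() {
  return SAMPLES.map((uri) => ({
    uri,
    extension: decide(uri, UNANCHORED).extension,
    unanchored: decide(uri, UNANCHORED).action,
    anchored: decide(uri, ANCHORED).action,
  }));
}

console.table(report());
```

The anchored test fails closed on dotted names such as app.min.js, and extensionless files never reach this location at all, so whichever location handles them decides whether they are served.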