Sanity check of my config - is it secure?
António P. P. Almeida
appa at perusio.net
Fri May 27 00:42:55 MSD 2011
On 26 Mai 2011 21h30 WEST, nginx-forum at nginx.us wrote:
> Thanks for the advice
>
> Seems strange that this isn't an easy thing to do. After all, ALL
> security advise always recommends whitelisting what you want and
> denying everything else!
The config with two regex locations nested did that. But if you're
asking for a *catch all* regex that blocks every other extension
besides css, js, &c, then you're thinking in terms of the
complement of the set of allowed extensions.
It's easier to enunciate the negative than the positivem due to the
fact that you're "searching" a wide space.
--- appa
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,199902,201299#msg-201299
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list