Sanity check of my config - is it secure?

[Igor Sysoev]

On Thu, May 26, 2011 at 04:10:23PM -0400, benseb wrote:
> Thanks people
> 
> So there's no way to say "If the file ISNT a jpeg/gif/css/js" deny. The
> only way is to say 'if .php' deny, 'if .txt deny' etc?
> 
> I'd prefer to whitelist the files i DO want to return and block
> everything else, incase I forget something to block?

As it was already suggested:

location ~* \.(jpe?g|png|gif)$ {
   root  ...
}

location / {
   return 444;
}


-- 
Igor Sysoev