Welcome! Log In Create A New Profile

Advanced

Allow only images from directories - are these internal @locations allowed/safe?

Posted by talkingnews 
Allow only images from directories - are these internal @locations allowed/safe?
December 05, 2011 04:14PM
I followed this guide:
http://sleepycode.com/2010/11/disabling-php-files-in-wordpress-upload-when-using-nginx/

But the way he did it seemed to repeat a lot of code. I have about 8 locations from which ONLY image files should be downloaded.

This is what I now have in my conf file - is this valid, safe, and the best way of doing things?

The only way I can think to do this is to try for a non-existent file. As that file doesn't exist, it redirects to be handled by the @protected block and
php files get specifically 403'd. And if it does, the worst that can happen is that someone can download nothing.txt

I have this feeling there's a far better way - including the ability to deny ALL files except those 3 image types. But if not (and 2 hours of RTFM and googling hasn't found a result yet), is my way safe?

*********************************************************
# Locations only images should be served from
location ~ /images { try_files nothing.txt @protected; location ~ \.php$ { return 403; } }
location ~ /editors { try_files nothing.txt @protected; location ~ \.php$ { return 403; } }

location @protected {
types {
image/gif gif;
image/jpeg jpeg jpg;
image/png png;
}
default_type application/octet-stream;
}
*********************************************************

And while I'm here, can I just check...

*********************************************************
# Inaccessible locations
location ~ /includes/.*\.php$ { return 403; }
location ~ /backups { return 403; }
location ~ /logs { return 403; }
*********************************************************

The above seems to block access to ALL include/backup/log directories, whatever their path, which is perfect for what I want. But is it safe?
Re: Allow only images from directories - are these internal @locations allowed/safe?
December 08, 2011 02:06PM
Great start of business I appreciate it please care of it as a guide but in other words it has great information about the topic in which it has fully confidenceā€¦
[url=www.perthbusinessvaluations.com.au/]Business Valuations[/url]
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 71
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready