Welcome! Log In Create A New Profile

Re: Sanity check of my config - is it secure?

Forum List Message List New Topic Print View

António P. P. Almeida

May 26, 2011 03:34PM

On 26 Mai 2011 20h22 WEST, nginx-forum@nginx.us wrote:

Your're letting the reverse logical style of mod_rewrite and .htaccess
color your perception.

In Nginx things operate in a forward logical way:

1. Define which extensions you want to allow, e.g.:

location ~* \.(?:jpe?g|png|ico|gif|css|js|) {
# serve the files
}

location ~* (which extensions are going to be blocked) {
return 444;
}

Mind you that relying solely on the file extension is a rather weak
way of filtering files. You can tamper the file magic number quite
easily.

> Can anyone help with the above request, regarding checking if a
> filename DOESNT match the whitelist above (block all other
> filetypes)

--- appa

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Sanity check of my config - is it secure?	benseb	May 22, 2011 10:56AM
Re: Sanity check of my config - is it secure?	vesperto	May 22, 2011 12:50PM
Re: Sanity check of my config - is it secure?	benseb	May 22, 2011 01:24PM
Re: Sanity check of my config - is it secure?	Justin Cormack	May 22, 2011 01:38PM
Re: Sanity check of my config - is it secure?	benseb	May 22, 2011 02:37PM
Re: Sanity check of my config - is it secure?	Igor Sysoev	May 27, 2011 01:40AM
Re: Sanity check of my config - is it secure?	benseb	May 26, 2011 03:22PM
Re: Sanity check of my config - is it secure?	António P. P. Almeida	May 26, 2011 03:34PM
Re: Sanity check of my config - is it secure?	benseb	May 26, 2011 03:36PM
Re: Sanity check of my config - is it secure?	António P. P. Almeida	May 26, 2011 03:48PM
Re: Sanity check of my config - is it secure?	benseb	May 26, 2011 03:49PM
Re: Sanity check of my config - is it secure?	benseb	May 26, 2011 04:10PM
Re: Sanity check of my config - is it secure?	António P. P. Almeida	May 26, 2011 04:02PM
Re: Sanity check of my config - is it secure?	vesperto	May 26, 2011 04:06PM
Re: Sanity check of my config - is it secure?	António P. P. Almeida	May 26, 2011 04:20PM
Re: Sanity check of my config - is it secure?	António P. P. Almeida	May 26, 2011 04:22PM
Re: Sanity check of my config - is it secure?	benseb	May 26, 2011 04:30PM
Re: Sanity check of my config - is it secure?	António P. P. Almeida	May 26, 2011 04:44PM
Re: Sanity check of my config - is it secure?	Aaron Starr	May 26, 2011 05:08PM
Re: Sanity check of my config - is it secure?	benseb	May 26, 2011 05:09PM
Re: Sanity check of my config - is it secure?	António P. P. Almeida	May 26, 2011 04:26PM
Re: Sanity check of my config - is it secure?	Igor Sysoev	May 27, 2011 01:42AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 289

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018