Welcome! Log In Create A New Profile

Advanced

Re: Sanity check of my config - is it secure?

António P. P. Almeida
May 26, 2011 03:34PM
On 26 Mai 2011 20h22 WEST, nginx-forum@nginx.us wrote:

Your're letting the reverse logical style of mod_rewrite and .htaccess
color your perception.

In Nginx things operate in a forward logical way:

1. Define which extensions you want to allow, e.g.:

location ~* \.(?:jpe?g|png|ico|gif|css|js|) {
# serve the files
}

location ~* (which extensions are going to be blocked) {
return 444;
}

Mind you that relying solely on the file extension is a rather weak
way of filtering files. You can tamper the file magic number quite
easily.

> Can anyone help with the above request, regarding checking if a
> filename DOESNT match the whitelist above (block all other
> filetypes)

--- appa


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

Sanity check of my config - is it secure?

benseb May 22, 2011 10:56AM

Re: Sanity check of my config - is it secure?

vesperto May 22, 2011 12:50PM

Re: Sanity check of my config - is it secure?

benseb May 22, 2011 01:24PM

Re: Sanity check of my config - is it secure?

Justin Cormack May 22, 2011 01:38PM

Re: Sanity check of my config - is it secure?

benseb May 22, 2011 02:37PM

Re: Sanity check of my config - is it secure?

Igor Sysoev May 27, 2011 01:40AM

Re: Sanity check of my config - is it secure?

benseb May 26, 2011 03:22PM

Re: Sanity check of my config - is it secure?

António P. P. Almeida May 26, 2011 03:34PM

Re: Sanity check of my config - is it secure?

benseb May 26, 2011 03:36PM

Re: Sanity check of my config - is it secure?

António P. P. Almeida May 26, 2011 03:48PM

Re: Sanity check of my config - is it secure?

benseb May 26, 2011 03:49PM

Re: Sanity check of my config - is it secure?

benseb May 26, 2011 04:10PM

Re: Sanity check of my config - is it secure?

António P. P. Almeida May 26, 2011 04:02PM

Re: Sanity check of my config - is it secure?

vesperto May 26, 2011 04:06PM

Re: Sanity check of my config - is it secure?

António P. P. Almeida May 26, 2011 04:20PM

Re: Sanity check of my config - is it secure?

António P. P. Almeida May 26, 2011 04:22PM

Re: Sanity check of my config - is it secure?

benseb May 26, 2011 04:30PM

Re: Sanity check of my config - is it secure?

António P. P. Almeida May 26, 2011 04:44PM

Re: Sanity check of my config - is it secure?

Aaron Starr May 26, 2011 05:08PM

Re: Sanity check of my config - is it secure?

benseb May 26, 2011 05:09PM

Re: Sanity check of my config - is it secure?

António P. P. Almeida May 26, 2011 04:26PM

Re: Sanity check of my config - is it secure?

Igor Sysoev May 27, 2011 01:42AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 66
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready