On 26 Mai 2011 21h30 WEST, nginx-forum@nginx.us wrote:
> Thanks for the advice
>
> Seems strange that this isn't an easy thing to do. After all, ALL
> security advise always recommends whitelisting what you want and
> denying everything else!
The config with two regex locations nested did that. But if you're
asking for a *catch all* regex that blocks every other extension
besides css, js, &c, then you're thinking in terms of the
complement of the set of allowed extensions.
It's easier to enunciate the negative than the positivem due to the
fact that you're "searching" a wide space.
--- appa
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,199902,201299#msg-201299
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx