Re: Sanity check of my config - is it secure?

Aaron Starr
May 26, 2011 05:08PM
Without actually testing anything, can't you do something like this:


location ~* \.(jpe?g|png|gif)$ {
    # extension looks like an image: handle it normally
}

location / {
    # everything else
    return 444;
}

I.e., if the extension looks like an image, handle it normally. Otherwise,
in the normal case, return 444 (or whatever error code is appropriate).

Aaron


On Thu, May 26, 2011 at 1:42 PM, António P. P. Almeida <appa@perusio.net> wrote:

> On 26 Mai 2011 21h30 WEST, nginx-forum@nginx.us wrote:
>
> > Thanks for the advice
> >
> > Seems strange that this isn't an easy thing to do. After all, ALL
> > security advice always recommends whitelisting what you want and
> > denying everything else!
>
> The config with two regex locations nested did that. But if you're
> asking for a *catch all* regex that blocks every other extension
> besides css, js, &c, then you're thinking in terms of the
> complement of the set of allowed extensions.
>
> It's easier to enunciate the negative than the positive, due to the
> fact that you're "searching" a wide space.
>
> --- appa
>
> > Posted at Nginx Forum:
> > http://forum.nginx.org/read.php?2,199902,201299#msg-201299
> >
> >
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > http://nginx.org/mailman/listinfo/nginx
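
An added example, not part of Aaron's message or of nginx itself: a small Python model of how nginx would choose between the two locations in the config above, run over constructed request targets. It assumes only those two locations exist (no `=` or `^~` locations) and leaves out nginx's `.`/`..` and duplicate-slash normalization.

```python
import re
from urllib.parse import urlsplit, unquote

# Simplified model of nginx location selection for the two blocks above:
# regex locations are tried in configuration order and the first match wins;
# if none matches, the longest matching prefix location is used.
REGEX_LOCATIONS = [
    # "~*" means case-insensitive regex matching.
    (re.compile(r"\.(jpe?g|png|gif)$", re.IGNORECASE), "serve"),
]
PREFIX_LOCATIONS = [("/", "444")]


def decide(request_target: str) -> str:
    """Return 'serve' or '444' for a request target such as '/a/b.png?x=1'."""
    # nginx matches locations against the decoded path, without the query string.
    path = unquote(urlsplit(request_target).path)
    for pattern, action in REGEX_LOCATIONS:
        if pattern.search(path):
            return action
    matches = [(p, a) for p, a in PREFIX_LOCATIONS if path.startswith(p)]
    return max(matches, key=lambda m: len(m[0]), default=("", "444"))[1]


# Constructed sample request targets, not taken from the thread.
SAMPLES = [
    "/img/logo.png",          # allowed extension
    "/img/PHOTO.JPEG",        # allowed: "~*" ignores case
    "/img/logo.png?v=2",      # allowed: query string is not matched
    "/img/a%2Epng",           # allowed: "%2E" is decoded to "." first
    "/style.css",             # not in the allowlist
    "/download?file=a.png",   # path is "/download", extension is in the query
    "/img/logo.png/extra",    # extension is not at the end of the path
    "/notes.png.txt",         # final extension is ".txt"
    "/",                      # no extension at all
]


def run_samples() -> dict:
    return {target: decide(target) for target in SAMPLES}


if __name__ == "__main__":
    for target, action in run_samples().items():
        print(f"{action:5}  {target}")
```

With this config, anything the site needs besides the three image types, including the index page at `/`, falls through to `location /` and gets 444, so each further allowed type has to be added to the regex explicitly.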