Welcome! Log In Create A New Profile


ngx_http_dav_module disable_symlink question

Eckart Haufler
July 26, 2022 03:42AM
We want to use the ngx_http_dav_module with the nginx server (1.21) on a linux machine.
For security reasons, we would like to forbid to follow symbol links (e.g. for the case of accidental symbol links to directories like root / ).
The nginx directive “disable_symlinks“ looked promising. It suppresses the download of files, but “MOVE” or “DELETE” seems not to be blocked.
Also the documentation says “ngx_http_autoindex_modulehttp://nginx.org/en/docs/http/ngx_http_autoindex_module.html, ngx_http_random_index_modulehttp://nginx.org/en/docs/http/ngx_http_random_index_module.html, and ngx_http_dav_modulehttp://nginx.org/en/docs/http/ngx_http_dav_module.html modules currently ignore this directive.”
Is this planned or resolved on some newer release branches – or are there other settings to achieve better protection?

Thanks for any hints!
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
Subject Author Views Posted

ngx_http_dav_module disable_symlink question

Eckart Haufler 292 July 26, 2022 03:42AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 88
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready