Hello,
I have this rule in apache that denies access to some extensions in
multiple locations.
I have this .htaccess in some folders like uploads, docs, pdfs.
Order allow,deny
Deny from all
How can I join this in one line to deny access in multiple folders for
these extensions?
I was trying this without success:
location ~ /(uploads/|docs/|pdfs/)*.(php|cgi|pl|php3|php4|php5)$ {
root /srv/www/portaldasviagens.com/public;
deny all;
}
Thanks
Posted at Nginx Forum:
On 7 Out 2010 17h07 WEST, [email protected] wrote:
How can I join this in one line to deny access in multiple folders
for these extensions?I was trying this without success:
location ~ /(uploads/|docs/|pdfs/)*.(php|cgi|pl|php3|php4|php5)$ {
root /srv/www/portaldasviagens.com/public;
deny all;
}
Well I would approach the problem from a different angle:
First I would enumerate which locations require a upstream, be it
another server or a FCGI process.
Then as my last location directive in the config file I would
place:
location ~* ^.+.(?:php[3-5]*|cgi|pl) {
return 404;
}
This way there’s no loophole for having PHP or Perl files being
executed outside of the specified locations.
— appa
On 7 Out 2010 17h07 WEST, [email protected] wrote:
How can I join this in one line to deny access in multiple folders
for these extensions?I was trying this without success:
location ~ /(uploads/|docs/|pdfs/)*.(php|cgi|pl|php3|php4|php5)$ {
root /srv/www/portaldasviagens.com/public;
deny all;
}
Oops I forgot the $ in the regex 
Here it is.
location ~* ^.+.(?:php[3-5]*|cgi|pl)$ {
return 404;
}
— appa
On Thu, Oct 07, 2010 at 12:07:59PM -0400, nfn wrote:
Hi there,
How can I join this in one line to deny access in multiple folders for
these extensions?I was trying this without success:
location ~ /(uploads/|docs/|pdfs/)*.(php|cgi|pl|php3|php4|php5)$ {
root /srv/www/portaldasviagens.com/public;
deny all;
}
Turn on “error_log” with “debug”, then try to access one of the urls
you want to have denied. Look for the log lines with “test location:”
and “using configuration”. That will tell you which location block is
being used for each request.
I suspect that the above regular expression does not match the locations
you want it to match. Specifically, the “*” probably wants a “.” before
it.
Good luck,
Francis D. [email protected]
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs