Deny access per extension in multiple locations

Hello,

I have this rule in apache that denies access to some extensions in
multiple locations.
I have this .htaccess in some folders like uploads, docs, pdfs.

Order allow,deny
Deny from all

How can I join this in one line to deny access in multiple folders for
these extensions?

I was trying this without success:

location ~ /(uploads/|docs/|pdfs/)*.(php|cgi|pl|php3|php4|php5)$ {
root /srv/www/portaldasviagens.com/public;
deny all;
}

Thanks

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,138179,138179#msg-138179

On 7 Out 2010 17h07 WEST, [email protected] wrote:

How can I join this in one line to deny access in multiple folders
for these extensions?

I was trying this without success:

location ~ /(uploads/|docs/|pdfs/)*.(php|cgi|pl|php3|php4|php5)$ {
root /srv/www/portaldasviagens.com/public;
deny all;
}

Well I would approach the problem from a different angle:

  1. First I would enumerate which locations require a upstream, be it
    another server or a FCGI process.

  2. Then as my last location directive in the config file I would
    place:

location ~* ^.+.(?:php[3-5]*|cgi|pl) {
return 404;
}

This way there’s no loophole for having PHP or Perl files being
executed outside of the specified locations.

— appa

On 7 Out 2010 17h07 WEST, [email protected] wrote:

How can I join this in one line to deny access in multiple folders
for these extensions?

I was trying this without success:

location ~ /(uploads/|docs/|pdfs/)*.(php|cgi|pl|php3|php4|php5)$ {
root /srv/www/portaldasviagens.com/public;
deny all;
}

Oops I forgot the $ in the regex :frowning: Here it is.

location ~* ^.+.(?:php[3-5]*|cgi|pl)$ {
return 404;
}

— appa

On Thu, Oct 07, 2010 at 12:07:59PM -0400, nfn wrote:

Hi there,

How can I join this in one line to deny access in multiple folders for
these extensions?

I was trying this without success:

location ~ /(uploads/|docs/|pdfs/)*.(php|cgi|pl|php3|php4|php5)$ {
root /srv/www/portaldasviagens.com/public;
deny all;
}

Turn on “error_log” with “debug”, then try to access one of the urls
you want to have denied. Look for the log lines with “test location:”
and “using configuration”. That will tell you which location block is
being used for each request.

I suspect that the above regular expression does not match the locations
you want it to match. Specifically, the “*” probably wants a “.” before
it.

Good luck,

f

Francis D. [email protected]

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs