Sanity check of my config - is it secure?

On Thu, May 26, 2011 at 04:10:23PM -0400, benseb wrote:

Thanks people

So there’s no way to say “If the file ISN'T a jpeg/gif/css/js” deny. The
only way is to say ‘if .php’ deny, ‘if .txt deny’ etc?

I’d prefer to whitelist the files I DO want to return and block
everything else, in case I forget something to block?

As it was already suggested:

    location ~* \.(jpe?g|png|gif)$ {
        root …
    }

    location / {
        return 444;
    }


Igor S.

On Sun, May 22, 2011 at 05:48:42PM +0100, Nuno Magalhes wrote:

^~ /(applets|css)/
The fewer regex locations you have in the configuration, the better.
The best case is zero regex locations.


Igor S.
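
The following is an added example, not part of the original messages and not nginx code: a simplified Python model of how nginx picks a location, run over the whitelist from the first reply (with the dot escaped and unescaped) and over a prefix-only variant in the spirit of the second reply. The sample URIs, the "serve" label and the prefix paths are constructed assumptions; the model ignores nested and named locations and expects an already-normalized URI path.

```python
import re

def pick_location(locations, uri):
    """Return the action of the location nginx would select for uri.

    Order modelled: exact (=) match wins; otherwise the longest prefix match
    is remembered; if that prefix carries ^~ the regexes are skipped; otherwise
    regex locations are tried in config order and the first hit wins.
    """
    best = None
    for mod, pat, action in locations:
        if mod == "=" and uri == pat:
            return action
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, action)
    if best and best[0] == "^~":
        return best[2]
    for mod, pat, action in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return action
    return best[2] if best else "404"

# Extension whitelist with a catch-all; 444 closes the connection without a response.
WHITELIST = [("~*", r"\.(jpe?g|png|gif)$", "serve"), ("", "/", "444")]
# Same whitelist with the dot left unescaped, so it matches any character.
UNESCAPED = [("~*", r".(jpe?g|png|gif)$", "serve"), ("", "/", "444")]
# Prefix-only variant with zero regex locations (directory names are assumptions).
PREFIX = [("^~", "/css/", "serve"), ("^~", "/applets/", "serve"), ("", "/", "444")]

# Constructed sample requests.
SAMPLE_URIS = ["/img/logo.PNG", "/index.php", "/notes.txt",
               "/backup/dbgif", "/css/site.css", "/css/notes.txt"]

def audit(locations, uris=SAMPLE_URIS):
    """Map each URI to the action the configuration would take."""
    return {uri: pick_location(locations, uri) for uri in uris}

if __name__ == "__main__":
    for name, cfg in (("whitelist", WHITELIST), ("unescaped", UNESCAPED), ("prefix", PREFIX)):
        print(name, audit(cfg))
```

The prefix variant whitelists whole directories rather than file types, so anything placed under a listed directory is served regardless of extension.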