On Thu, Feb 20, 2014 at 05:58:05AM -0800, Grant wrote:
Hi there,
location ~ ^(?!installer)(.?[^.]+)$ {
deny all;
}
Alternatively: what request do you make? What response do you expect? And
what is the regex above intended to do?
I actually got these apache deny directives from the roundcube list.
Possibly the roundcube list will be able to explain, in words, what the
intention is.
Then someone may be able to translate those words into an nginx config
fragment.
I don’t have a more specific idea of what this one is supposed to do
beyond “securing things”. I’m not very good with regex and I was
hoping someone here would see the problem.
The problem is that the regex matches requests that you don’t want it
to match – that much is straightforward.
Since this is intended to be a security thing, it’s probably better not
to try to guess what the author might have meant.
(It currently is secure, sort of – you can’t get at the urls they
intended to block.)
Does it make sense that
this would work in apache but not in nginx?
Yes; the two programs have different expectations of their
configuration.
In nginx, for example, all user requests will start with “/”, so any
regex
that requires anything other than “/” as the first character will fail.
In apache, some regexes don’t have that requirement.
(Or maybe that’s incorrect – check with an apache person if it
matters.)
f
Francis D. [email protected]