<div><br></div>Without actually testing anything, can't you do something like this:<div><br></div><div><br></div><div>location ~* \.(jpe?g|png|gif)$ {</div><div>}</div><div><br></div><div>location / {</div><div> return 444;</div>
<div>}</div><div><br></div><div>I.e., if the extension looks like an image, handle it normally. Otherwise, in the normal case, return 444 (or whatever error code is appropriate).</div><div><br></div><div>Aaron</div><div>
<br>
<br><div class="gmail_quote">On Thu, May 26, 2011 at 1:42 PM, António P. P. Almeida <span dir="ltr"><<a href="mailto:appa@perusio.net">appa@perusio.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On 26 Mai 2011 21h30 WEST, <a href="mailto:nginx-forum@nginx.us">nginx-forum@nginx.us</a> wrote:<br>
<br>
> Thanks for the advice<br>
><br>
> Seems strange that this isn't an easy thing to do. After all, ALL<br>
> security advise always recommends whitelisting what you want and<br>
> denying everything else!<br>
<br>
</div>The config with two regex locations nested did that. But if you're<br>
asking for a *catch all* regex that blocks every other extension<br>
besides css, js, &c, then you're thinking in terms of the<br>
complement of the set of allowed extensions.<br>
<br>
It's easier to enunciate the negative than the positivem due to the<br>
fact that you're "searching" a wide space.<br>
<font color="#888888"><br>
--- appa<br>
</font><div><div></div><div class="h5"><br>
<br>
<br>
<br>
> Posted at Nginx Forum:<br>
> <a href="http://forum.nginx.org/read.php?2,199902,201299#msg-201299" target="_blank">http://forum.nginx.org/read.php?2,199902,201299#msg-201299</a><br>
><br>
><br>
> _______________________________________________<br>
> nginx mailing list<br>
> <a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
> <a href="http://nginx.org/mailman/listinfo/nginx" target="_blank">http://nginx.org/mailman/listinfo/nginx</a><br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://nginx.org/mailman/listinfo/nginx" target="_blank">http://nginx.org/mailman/listinfo/nginx</a><br>
</div></div></blockquote></div><br></div>