nginx location deny by file extension syntax

后端 未结 1 1694
独厮守ぢ
独厮守ぢ 2021-01-22 15:21

I wrote two different settings, one for denying access to dotfiles, and the other for denying access to a list of file extensions.

But, is there any syntax that could de

相关标签:
1条回答
  • 2021-01-22 16:10

    The nginx server uses straight pcre as the library for regular expressions; whatever pcre accepts, so should nginx.

    Some testing on OpenBSD with egrep(1) reveals:

    $ printf '/t.bak\n/t.bakk\n/t.zipp\n/a.zip\n/.ht\n/t.ht\n' |grep -E '\.(bak|zip)$|/\.' /t.bak /a.zip /.ht $

    But OpenBSD's egrep doesn't actually use pcre, but regcomp(3) instead! However, pcre does come with pcregrep, which does produce identical results:

    $ printf '/t.bak\n/t.bakk\n/t.zipp\n/a.zip\n/.ht\n/t.ht\n' |pcregrep '\.(bak|zip)$|/\.' /t.bak /a.zip /.ht $

    You could also try pcretest for testing the regular expressions (apparently, you must quote them with something like # there):

    $ pcretest
    PCRE version 8.30 2012-02-04
    
      re> #\.(bak|zip)$|/\.#
    data> /t.bak
     0: .bak
     1: bak
    data> /t.baki
    No match
    data> /.h
     0: /.
    data> ^D
    $

    I.e., to summarise: just concatenating the two expressions with | should work.

    location ~* \.(bak|zip)$|/\. {
        deny all;
    }
    

    However, for the sake of maintenance (and since you've had to ask this question in the first place), you might as well want to keep these expressions apart for a clearer overview of what the config is all about. (The two expressions apart might even be more efficient due to some kind of end-of-line optimisation than when merged together, but that's just a wild guess on my part.)

    0 讨论(0)
提交回复
热议问题