nginx位置通过文件扩展名语法拒绝 [英] nginx location deny by file extension syntax
问题描述
我写了两种不同的设置,一种用于拒绝访问点文件,另一种用于拒绝访问文件扩展名列表.
I wrote two different settings, one for denying access to dotfiles, and the other for denying access to a list of file extensions.
但是,在其他文件扩展名列表中,是否有任何语法可以拒绝点文件?
But, is there any syntax that could deny dotfiles in the list of other file extensions?
location ~* \.(7z|bak|bash|bz2|config|dist|engine|fla|git|gz|inc|inc|info|ini|install|iso|log|make|module|profile|psd|py|rar|rb|sh|sql|swp|tar|zip)$ {
deny all;
}
location ~ /\. { deny all; access_log off; log_not_found off; }
推荐答案
The nginx server uses straight pcre as the library for regular expressions; whatever pcre accepts, so should nginx.
使用 egrep(1) 在OpenBSD上进行的一些测试显示:
Some testing on OpenBSD with egrep(1) reveals:
$ printf '/t.bak\n/t.bakk\n/t.zipp\n/a.zip\n/.ht\n/t.ht\n' |grep -E '\.(bak|zip)$|/\.'
/t.bak
/a.zip
/.ht
$
$ printf '/t.bak\n/t.bakk\n/t.zipp\n/a.zip\n/.ht\n/t.ht\n' |grep -E '\.(bak|zip)$|/\.'
/t.bak
/a.zip
/.ht
$
但是 OpenBSD的egrep 实际上并没有使用pcre,但 regcomp(3) 代替!但是,pcre确实随附了pcregrep,它确实产生了相同的结果:
But OpenBSD's egrep doesn't actually use pcre, but regcomp(3) instead! However, pcre does come with pcregrep, which does produce identical results:
$ printf '/t.bak\n/t.bakk\n/t.zipp\n/a.zip\n/.ht\n/t.ht\n' |pcregrep '\.(bak|zip)$|/\.'
/t.bak
/a.zip
/.ht
$
$ printf '/t.bak\n/t.bakk\n/t.zipp\n/a.zip\n/.ht\n/t.ht\n' |pcregrep '\.(bak|zip)$|/\.'
/t.bak
/a.zip
/.ht
$
您还可以尝试使用pcretest来测试正则表达式(显然,您必须在其中引用类似#的内容):
You could also try pcretest for testing the regular expressions (apparently, you must quote them with something like # there):
$ pcretest
PCRE version 8.30 2012-02-04
re> #\.(bak|zip)$|/\.#
data> /t.bak
0: .bak
1: bak
data> /t.baki
No match
data> /.h
0: /.
data> ^D
$即,总结一下:仅将两个表达式与|连接应该会起作用.
I.e., to summarise: just concatenating the two expressions with | should work.
location ~* \.(bak|zip)$|/\. {
deny all;
}
但是,为了维护起见(并且由于您不得不首先问这个问题),您可能还希望将这些表达式分开,以更清晰地了解配置的全部含义. (由于合并后的某种形式的行尾优化,这两个表达式甚至可能比合并在一起时更有效,但这对我来说只是一个疯狂的猜测.)
However, for the sake of maintenance (and since you've had to ask this question in the first place), you might as well want to keep these expressions apart for a clearer overview of what the config is all about. (The two expressions apart might even be more efficient due to some kind of end-of-line optimisation than when merged together, but that's just a wild guess on my part.)
这篇关于nginx位置通过文件扩展名语法拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
