Hi, We want to use the ngx_http_dav_module with the nginx server (1.21) on a linux machine. For security reasons, we would like to forbid to follow symbol links (e.g. for the case of accidental symbol links to directories like root / ). The nginx directive “disable_symlinks“ looked promising. It suppresses the download of files, but “MOVE” or “DELETE” seems not to be blocked. Also the documentation says “ngx_http_autoindex_module<http://nginx.org/en/docs/http/ngx_http_autoindex_module.html>, ngx_http_random_index_module<http://nginx.org/en/docs/http/ngx_http_random_index_module.html>, and ngx_http_dav_module<http://nginx.org/en/docs/http/ngx_http_dav_module.html> modules currently ignore this directive.” Is this planned or resolved on some newer release branches – or are there other settings to achieve better protection?
Thanks for any hints! Eckart
_______________________________________________ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
