On nginx I'm trying to allow only some extensions and deny all the others like gif,zip,exe,php for a given subtree.
I'd like to use a regular expression to define the allowed extensions.
Here's my try using a negative look ahead:
location /wp-content/userimages/ {
location ~* (\.(?!(jpg|png|jpeg)))$ {
deny all;;
}
}
The (\.(?!(jpg|png|jpeg)))$ regex matches a . at the end of the input as there is no consuming pattern between \. and $. You need to add a consuming pattern for the extension, e.g. [^.]+ that matches any 1+ chars other than .:
\.(?!(png|jpe?g)$)[^.]+$
Note I shrank the jpeg|jpg into jpe?g and added the end of string check to the lookahead so that extensions starting with the forbidden extensions (like png2 (if you ever come across it)) could be matched and png could not.