I am using nginx and PHP, and want to allow images to be uploaded by my users and placed into a public, web-accessible directory.
I currently have this rule defined:
    location ~ /uploads {
        location ~ \.(jpg|gif|png)$ {}
        deny all;
    }
If it's not a .jpg, .gif, or .png, then deny access to it.
That directory (/var/www/public/uploads) has permissions set to 744.
However, I don't know enough about various vulnerabilities with uploaded images to try my own exploits.
Ideally I'd like to make sure that anything ending in jpg, gif, or png is treated like the respective MIME type, so that no script interpreter will even attempt to execute it.
How do I accomplish this?
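
A hardened form of the rule posted above, as an added example that is not part of the original post: it serves only the three image extensions, pins their MIME types, and keeps every URI under /uploads/ away from any script handler. The server-level `location ~ \.php$` handler named in the comments is an assumption about the rest of the configuration.

```nginx
# Added example; goes inside the existing server { } block.
location ^~ /uploads/ {
    # "^~" makes this prefix match final at server level, so a server-wide
    # regex location such as "location ~ \.php$" (assumed to exist for the
    # PHP application) is never consulted for URIs under /uploads/.
    # Requests like /uploads/a.jpg/x.php therefore end here and are refused.
    deny all;

    location ~* \.(jpe?g|gif|png)$ {
        # allow/deny are inherited from the enclosing level unless they are
        # redefined, so access has to be opened explicitly here.
        allow all;

        # Replace the inherited MIME map: only these three image types can
        # ever be declared for a file served from this directory.
        types {
            image/jpeg jpg jpeg;
            image/gif  gif;
            image/png  png;
        }
        default_type application/octet-stream;

        # Tell browsers not to sniff the body and override the declared type.
        add_header X-Content-Type-Options nosniff always;

        # No fastcgi_pass or proxy_pass in this block: matching files are
        # read from disk and sent as static bytes, never handed to PHP.
    }
}
```

This controls how files are served, not what gets stored: the PHP upload handler still has to choose the stored file name and extension itself instead of trusting the client-supplied name.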