Disable image execution as script in Nginx



This isn’t well documented anywhere for nginx. In fact, it is sort of hidden and hard to find. Nginx does support a way for me to disable PHP from being executed in my uploads directory.
I actually love the approach I came across, as it lets me control how content is handled. This is a plus on the server admin's end.

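                # Only allow images to be viewed.
                location /wordpress/wp-content/uploads/ {
                        # Replace the inherited MIME map for this location.
                        types {
                                image/gif       gif;
                                image/jpeg      jpeg jpg;
                                image/png       png;
                                text/plain      txt;
                        }

                        # Anything not listed above is sent as a download.
                        default_type    application/octet-stream;

                        # PHP files: stop evaluating rules here.
                        location ~ \.php$ {
                                break;
                        }
                }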

Simply put, I set up a location that only applies to my uploads directory. Then I changed the types and only defined jpg, gif and png. All other files get sent as a download. Finally, since I run PHP as FastCGI, I set up a nested location that matches PHP files and tells nginx to stop evaluating rules.

In fact, this is all actually nested in my primary `location /`. I did it this way as it was the easiest to get working, although I am sure I could remove that nesting.
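To check that a config still follows this policy after later edits, here is an added example (not code from the original post): a small Python audit that looks for the uploads location and reports deviations from the three pieces described above. The function names and both sample configs are constructed for illustration, and it assumes `#` only starts comments and that braces appear only as block delimiters.

```python
import re

# Constructed sample configs for the demo (not taken from the original post).
HARDENED = r"""
location /wordpress/wp-content/uploads/ {
    types { image/gif gif; image/jpeg jpeg jpg; image/png png; text/plain txt; }
    default_type application/octet-stream;
    location ~ \.php$ { break; }
}
"""
WEAK = r"""
location /wordpress/wp-content/uploads/ {
    location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; }
}
"""

def block_body(conf, header_re):
    """Return the text inside the braces of the first block matching header_re."""
    m = re.search(header_re + r"\s*\{", conf)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[m.end():i]
    return None  # unbalanced braces

def audit_uploads(conf, prefix="/wordpress/wp-content/uploads/"):
    """List deviations from the uploads policy described in the post."""
    conf = re.sub(r"#.*", "", conf)  # assumption: '#' only starts comments
    loc = block_body(conf, r"location\s+" + re.escape(prefix))
    if loc is None:
        return ["no location block for " + prefix]
    findings = []
    types = block_body(loc, r"\btypes")
    if types is None:
        findings.append("no types block, so the inherited MIME map applies")
    else:
        for stmt in filter(None, (s.split() for s in types.split(";"))):
            if not (stmt[0].startswith("image/") or stmt[0] == "text/plain"):
                findings.append("unexpected MIME type: " + stmt[0])
    if not re.search(r"\bdefault_type\s+application/octet-stream\s*;", loc):
        findings.append("default_type is not application/octet-stream")
    php = block_body(loc, r"location\s+~\s+" + re.escape(r"\.php$"))
    if php is None:
        findings.append("no nested location for \\.php$")
    elif "fastcgi_pass" in php or not re.search(r"\bbreak\s*;", php):
        findings.append("nested PHP location is not the break-only form")
    return findings
```

`audit_uploads` returns an empty list for `HARDENED` and three findings for `WEAK`, so it can gate a config deploy by failing on any non-empty result.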

