Instead of allowing all image files anywhere, and disallowing non-image file under /images/, only allow image files under /images/ and don't match non-image files elsewhere. They get proxied to web instead and result in a 404 there.
For example, the old config allowed /exports/foo.jpg to be served, while the new config does not.
Instead of allowing all image files anywhere, and disallowing non-image file under
/images/
, only allow image files under/images/
and don't match non-image files elsewhere. They get proxied to web instead and result in a 404 there.For example, the old config allowed
/exports/foo.jpg
to be served, while the new config does not.