httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sl...@apache.org
Subject svn commit: r432997 - in /httpd/httpd/trunk/docs/manual/mod: mod_alias.html.en mod_alias.xml
Date Sun, 20 Aug 2006 18:08:44 GMT
Author: slive
Date: Sun Aug 20 11:08:43 2006
New Revision: 432997

URL: http://svn.apache.org/viewvc?rev=432997&view=rev
Log:
Make it clear that url-path is always case-sensitive.
Provide an example of using a regex to make it case-insensitive.
Make it clear that ScriptAlias is only used when you want
BOTH mapping and script-designation.

Partially in response to the disputed vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4110

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_alias.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_alias.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_alias.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_alias.html.en?rev=432997&r1=432996&r2=432997&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_alias.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_alias.html.en Sun Aug 20 11:08:43 2006
@@ -118,7 +118,9 @@
     be stored in the local filesystem other than under the 
     <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code>.
URLs with a
     (%-decoded) path beginning with <var>url-path</var> will be mapped
-    to local files beginning with <var>directory-path</var>.</p>
+    to local files beginning with <var>directory-path</var>.  The 
+    <var>url-path</var> is case-sensitive, even on case-insenitive 
+    file systems.</p>
 
     <div class="example"><h3>Example:</h3><p><code>
       Alias /image /ftp/pub/image
@@ -184,6 +186,14 @@
       AliasMatch ^/icons(.*) /usr/local/apache/icons$1
     </code></p></div>
 
+    <p>It is also possible to construct an alias with case-insensitive
+    matching of the url-path:</p>
+
+    <div class="example"><p><code>
+      AliasMatch (?i)^/image(.*) /ftp/pub/image$1
+    </code></p></div>
+
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="directive-section"><h2><a name="Redirect" id="Redirect">Redirect</a>
<a name="redirect" id="redirect">Directive</a></h2>
@@ -200,12 +210,12 @@
     <p>The Redirect directive maps an old URL into a new one by asking
     the client to refetch the resource at the new location.</p>
 
-    <p>The old <em>URL-path</em> is a (%-decoded) path beginning with
-    a slash.  A relative path is not allowed.  The new <em>URL</em>
-    should be an absolute URL beginning with a scheme and hostname,
-    but a URL-path beginning with a slash may also be used, in which
-    case the scheme and hostname of the current server will be
-    added.</p>
+    <p>The old <em>URL-path</em> is a case-sensitive (%-decoded) path
+    beginning with a slash.  A relative path is not allowed.  The new
+    <em>URL</em> should be an absolute URL beginning with a scheme and
+    hostname, but a URL-path beginning with a slash may also be used,
+    in which case the scheme and hostname of the current server will
+    be added.</p>
 
     <p>Then any request beginning with <em>URL-Path</em> will return a
     redirect request to the client at the location of the target
@@ -342,9 +352,9 @@
     <p>The <code class="directive">ScriptAlias</code> directive has the
same
     behavior as the <code class="directive"><a href="#alias">Alias</a></code>
     directive, except that in addition it marks the target directory
-    as containing CGI scripts that will be processed by <code class="module"><a
href="../mod/mod_cgi.html">mod_cgi</a></code>'s cgi-script handler. URLs with
a
+    as containing CGI scripts that will be processed by <code class="module"><a
href="../mod/mod_cgi.html">mod_cgi</a></code>'s cgi-script handler. URLs with
a case-sensitive
     (%-decoded) path beginning with <var>URL-path</var> will be mapped
-    to scripts beginning with the second argument which is a full
+    to scripts beginning with the second argument, which is a full
     pathname in the local filesystem.</p>
 
     <div class="example"><h3>Example:</h3><p><code>
@@ -352,8 +362,34 @@
     </code></p></div>
 
     <p>A request for <code>http://myserver/cgi-bin/foo</code> would cause
the
-    server to run the script <code>/web/cgi-bin/foo</code>.</p>
+    server to run the script <code>/web/cgi-bin/foo</code>.  This configuration
+    is essentially equivalent to:</p>
+    <div class="example"><p><code>
+      Alias /cgi-bin/ /web/cgi-bin/<br />
+      &lt;Directory /web/cgi-bin &gt;<br />
+      <span class="indent">
+      SetHandler cgi-script<br />
+      Options +ExecCGI<br />
+      </span>
+      &lt;/Directory&gt;
+    </code></p></div>
 
+    <div class="note">It is safer to avoid placing CGI scripts under the
+    <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code>
in order to
+    avoid accidentally revealing their source code if the
+    configuration is ever changed.  The
+    <code class="directive">ScriptAlias</code> makes this easy by mapping a
+    URL and designating CGI scripts at the same time.  If you do
+    choose to place your CGI scripts in a directory already
+    accessible from the web, do not use
+    <code class="directive">ScriptAlias</code>.  Instead, use <code class="directive"><a
href="../mod/core.html#directory">&lt;Directory&gt;</a></code>, <code
class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>,
and <code class="directive"><a href="../mod/core.html#options">Options</a></code>
as shown in the second example
+    above.</div>
+
+
+<h3>See also</h3>
+<ul>
+<li><a href="../howto/cgi.html">CGI Tutorial</a></li>
+</ul>
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="directive-section"><h2><a name="ScriptAliasMatch" id="ScriptAliasMatch">ScriptAliasMatch</a>
<a name="scriptaliasmatch" id="scriptaliasmatch">Directive</a></h2>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_alias.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_alias.xml?rev=432997&r1=432996&r2=432997&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_alias.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_alias.xml Sun Aug 20 11:08:43 2006
@@ -106,7 +106,9 @@
     be stored in the local filesystem other than under the 
     <directive module="core">DocumentRoot</directive>. URLs with a
     (%-decoded) path beginning with <var>url-path</var> will be mapped
-    to local files beginning with <var>directory-path</var>.</p>
+    to local files beginning with <var>directory-path</var>.  The 
+    <var>url-path</var> is case-sensitive, even on case-insenitive 
+    file systems.</p>
 
     <example><title>Example:</title>
       Alias /image /ftp/pub/image
@@ -175,6 +177,14 @@
     <example>
       AliasMatch ^/icons(.*) /usr/local/apache/icons$1
     </example>
+
+    <p>It is also possible to construct an alias with case-insensitive
+    matching of the url-path:</p>
+
+    <example>
+      AliasMatch (?i)^/image(.*) /ftp/pub/image$1
+    </example>
+
 </usage>
 </directivesynopsis>
 
@@ -192,12 +202,12 @@
     <p>The Redirect directive maps an old URL into a new one by asking
     the client to refetch the resource at the new location.</p>
 
-    <p>The old <em>URL-path</em> is a (%-decoded) path beginning with
-    a slash.  A relative path is not allowed.  The new <em>URL</em>
-    should be an absolute URL beginning with a scheme and hostname,
-    but a URL-path beginning with a slash may also be used, in which
-    case the scheme and hostname of the current server will be
-    added.</p>
+    <p>The old <em>URL-path</em> is a case-sensitive (%-decoded) path
+    beginning with a slash.  A relative path is not allowed.  The new
+    <em>URL</em> should be an absolute URL beginning with a scheme and
+    hostname, but a URL-path beginning with a slash may also be used,
+    in which case the scheme and hostname of the current server will
+    be added.</p>
 
     <p>Then any request beginning with <em>URL-Path</em> will return a
     redirect request to the client at the location of the target
@@ -337,9 +347,9 @@
     behavior as the <directive module="mod_alias">Alias</directive>
     directive, except that in addition it marks the target directory
     as containing CGI scripts that will be processed by <module
-    >mod_cgi</module>'s cgi-script handler. URLs with a
+    >mod_cgi</module>'s cgi-script handler. URLs with a case-sensitive
     (%-decoded) path beginning with <var>URL-path</var> will be mapped
-    to scripts beginning with the second argument which is a full
+    to scripts beginning with the second argument, which is a full
     pathname in the local filesystem.</p>
 
     <example><title>Example:</title>
@@ -347,8 +357,34 @@
     </example>
 
     <p>A request for <code>http://myserver/cgi-bin/foo</code> would cause
the
-    server to run the script <code>/web/cgi-bin/foo</code>.</p>
+    server to run the script <code>/web/cgi-bin/foo</code>.  This configuration
+    is essentially equivalent to:</p>
+    <example>
+      Alias /cgi-bin/ /web/cgi-bin/<br />
+      &lt;Directory /web/cgi-bin &gt;<br />
+      <indent>
+      SetHandler cgi-script<br />
+      Options +ExecCGI<br />
+      </indent>
+      &lt;/Directory&gt;
+    </example>
+
+    <note>It is safer to avoid placing CGI scripts under the
+    <directive module="core">DocumentRoot</directive> in order to
+    avoid accidentally revealing their source code if the
+    configuration is ever changed.  The
+    <directive>ScriptAlias</directive> makes this easy by mapping a
+    URL and designating CGI scripts at the same time.  If you do
+    choose to place your CGI scripts in a directory already
+    accessible from the web, do not use
+    <directive>ScriptAlias</directive>.  Instead, use <directive
+    module="core" type="section">Directory</directive>, <directive
+    module="core">SetHandler</directive>, and <directive
+    module="core">Options</directive> as shown in the second example
+    above.</note>
+
 </usage>
+<seealso><a href="../howto/cgi.html">CGI Tutorial</a></seealso>
 </directivesynopsis>
 
 <directivesynopsis>



Mime
View raw message