Return-Path:
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: (qmail 17457 invoked from network); 20 Aug 2006 19:48:29 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
by minotaur.apache.org with SMTP; 20 Aug 2006 19:48:29 -0000
Received: (qmail 76114 invoked by uid 500); 20 Aug 2006 19:48:28 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 75915 invoked by uid 500); 20 Aug 2006 19:48:28 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help:
list-unsubscribe:
List-Post:
List-Id:
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 75904 invoked by uid 99); 20 Aug 2006 19:48:28 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 20 Aug 2006 12:48:28 -0700
X-ASF-Spam-Status: No, hits=-9.4 required=10.0
tests=ALL_TRUSTED,NO_REAL_NAME
X-Spam-Check-By: apache.org
Received-SPF: pass (asf.osuosl.org: local policy)
Received: from [140.211.166.113] (HELO eris.apache.org) (140.211.166.113)
by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 20 Aug 2006 12:47:57 -0700
Received: by eris.apache.org (Postfix, from userid 65534)
id 940B81A981D; Sun, 20 Aug 2006 12:46:56 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r433022 - in /httpd/httpd/branches/2.2.x/docs/manual/mod:
mod_alias.html.en mod_alias.xml
Date: Sun, 20 Aug 2006 19:46:56 -0000
To: cvs@httpd.apache.org
From: slive@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20060820194656.940B81A981D@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N
Author: slive
Date: Sun Aug 20 12:46:55 2006
New Revision: 433022
URL: http://svn.apache.org/viewvc?rev=433022&view=rev
Log:
Backport:
My last effort was a little too succinct and not quite precise
enough. Try being more explicit.
This does leave the danger that people will clip the
example as the proper way to do things, when they should be
reading on to the example. The example
is only correct when used in conjunction with Alias.
Modified:
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.html.en
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.html.en?rev=433022&r1=433021&r2=433022&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.html.en (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.html.en Sun Aug 20 12:46:55 2006
@@ -366,15 +366,15 @@
is essentially equivalent to:
Alias /cgi-bin/ /web/cgi-bin/
- <Directory /web/cgi-bin >
+ <Location /cgi-bin >
SetHandler cgi-script
Options +ExecCGI
- </Directory>
+ </Location>
- It is safer to avoid placing CGI scripts under the
+
It is safer to avoid placing CGI scripts under the
DocumentRoot
in order to
avoid accidentally revealing their source code if the
configuration is ever changed. The
@@ -382,8 +382,20 @@
URL and designating CGI scripts at the same time. If you do
choose to place your CGI scripts in a directory already
accessible from the web, do not use
-
ScriptAlias
. Instead, use
<Directory>
,
SetHandler
, and
Options
as shown in the second example
- above.
+
ScriptAlias
. Instead, use
<Directory>
,
SetHandler
, and
Options
as in:
+
+ <Directory /usr/local/apache2/htdocs/cgi-bin >
+
+ SetHandler cgi-script
+ Options ExecCGI
+
+ </Directory>
+
+ This is necessary since multiple
URL-paths can map
+ to the same filesystem location, potentially bypassing the
+
ScriptAlias
and revealing the source code
+ of the CGI scripts if they are not restricted by a
+
Directory
section.
See also
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml?rev=433022&r1=433021&r2=433022&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml Sun Aug 20 12:46:55 2006
@@ -361,15 +361,15 @@
is essentially equivalent to:
Alias /cgi-bin/ /web/cgi-bin/
- <Directory /web/cgi-bin >
+ <Location /cgi-bin >
SetHandler cgi-script
Options +ExecCGI
- </Directory>
+ </Location>
- It is safer to avoid placing CGI scripts under the
+ It is safer to avoid placing CGI scripts under the
DocumentRoot in order to
avoid accidentally revealing their source code if the
configuration is ever changed. The
@@ -380,8 +380,20 @@
ScriptAlias. Instead, use Directory, SetHandler, and Options as shown in the second example
- above.
+ module="core">Options as in:
+
+ <Directory /usr/local/apache2/htdocs/cgi-bin >
+
+ SetHandler cgi-script
+ Options ExecCGI
+
+ </Directory>
+
+ This is necessary since multiple URL-paths can map
+ to the same filesystem location, potentially bypassing the
+ ScriptAlias and revealing the source code
+ of the CGI scripts if they are not restricted by a
+ Directory section.
CGI Tutorial