httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Robert S. Thau)
Subject Re: WWW Form Bug Report: "Security bug involving ScriptAliased directories" on Linux
Date Fri, 03 Nov 1995 15:08:35 GMT
  Conclusion: the only "bug" is that Scriptalias doesn't match *pattern*, 
  just pattern*.

Actually, the mismatch conditions are a little more specific, but that's
a fair summary... it also suggests the two workarounds I've thought of,
which are:

1) to set Options ExecCGI and DefaultType application/x-httpd-cgi in the
   directory (either via <Directory> or .htaccess)

2) Just move the cgi-bin directory out of DocumentRoot.


View raw message