httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: [markl@ftech.net (Mark Lowes)] Feature Request: mod_include.c
Date Mon, 06 Apr 1998 05:38:44 GMT
On Sun, 5 Apr 1998, Dean Gaudet wrote:

> Folks ask for this a lot, and I always forget what the answer is.  We
> should either support it if we don't, or we should document how it's done
> in the mod_include docs and include a pointer in the FAQ.
> 
> ISTR this is accomplished by doing IncludeNOEXEC and using #include
> virtual.  Or is that just how we think it should work but there's a bug? 
> I dunno.  Marc? 

IncludesNOEXEC and include virtual, except it only works for scriptalised
directories right now.  For most people, that isn't a big deal because if
they won't to limit execution then they probably have a system directory
defined anyway and don't allow others.

 > 
> Dean
> 
> Date: Thu, 26 Mar 1998 18:00:44 GMT
> From: Mark Lowes <markl@ftech.net>
> To: apache@apache.org
> Subject: Feature Request: mod_include.c
> 
> Hi,
> 
> Something which would be useful to include in either the 1.3 release or
> as a patch to 1.2.x would be the ability to block the "#exec cmd" server
> side includes but not the "#exec cgi" includes.
> 
> The problem we have here is that we support a SSI counter but doing so
> also gives the customers the ability to run commands on the webserver
> via the "#exec cmd" include.  Unless I'm missing something silly the
> #exec has a all or nothing blocking in the IncludeNOEXEC.
> 
> 	regards
> 	   Mark
> 
> 
> -- 
> +--------------------------------------------------------------------+
> | Mark Lowes <markl@ftech.net>                    Network Operations |
> +--------------------------------------------------------------------+
> | Frontier Internet Services Ltd - Disclaimer;                       |
> |                                                                    |
> | All statements made and agreements come to by means of email are   |
> | at all times subject to Frontier's Terms and Conditions of service |
> | and product descriptions / sales literature. Representations made  |
> | above and beyond those contained there in are not to be relied     |
> | upon and are at no time contractually binding.                     |
> +--------------------------------------------------------------------+
> 
> 
> 
> 

Mime
  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message