httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: [markl@ftech.net (Mark Lowes)] Feature Request: mod_include.c
Date Mon, 06 Apr 1998 05:46:53 GMT
Folks ask for this a lot, and I always forget what the answer is.  We
should either support it if we don't, or we should document how it's done
in the mod_include docs and include a pointer in the FAQ.

ISTR this is accomplished by doing IncludeNOEXEC and using #include
virtual.  Or is that just how we think it should work but there's a bug? 
I dunno.  Marc? 

Dean

Date: Thu, 26 Mar 1998 18:00:44 GMT
From: Mark Lowes <markl@ftech.net>
To: apache@apache.org
Subject: Feature Request: mod_include.c

Hi,

Something which would be useful to include in either the 1.3 release or
as a patch to 1.2.x would be the ability to block the "#exec cmd" server
side includes but not the "#exec cgi" includes.

The problem we have here is that we support a SSI counter but doing so
also gives the customers the ability to run commands on the webserver
via the "#exec cmd" include.  Unless I'm missing something silly the
#exec has a all or nothing blocking in the IncludeNOEXEC.

	regards
	   Mark


-- 
+--------------------------------------------------------------------+
| Mark Lowes <markl@ftech.net>                    Network Operations |
+--------------------------------------------------------------------+
| Frontier Internet Services Ltd - Disclaimer;                       |
|                                                                    |
| All statements made and agreements come to by means of email are   |
| at all times subject to Frontier's Terms and Conditions of service |
| and product descriptions / sales literature. Representations made  |
| above and beyond those contained there in are not to be relied     |
| upon and are at no time contractually binding.                     |
+--------------------------------------------------------------------+




Mime
  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message