httpd-dev mailing list archives

From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Definitively a Silver bullet, but perhaps a plastic one.
Date Wed, 02 Feb 2000 19:48:46 GMT
Comments please:

Would it be correct to hint that a 'quick' stop gap approach for the
CCS problem for static-only default installed sites would be something like:

IF you have a site which:

*	is 100% static.

and

*	it really does use no CGI (cgi-bin, perl, cold fusion or any
	generated content). (I do not want to go into the details of what
	that means; and why some of it is safe, and some of it might not be).

THEN you might be able to get away with doing ALL of the stuff below.

*	Put 
		ErrorDocument	301	"Document Moved"
		ErrorDocument	302	"Document Moved"
		ErrorDocument	307	"Temp Redir"
		ErrorDocument	303	"See Other"
		ErrorDocument	305	"Use proxy"
		ErrorDocument	403	"Forbidden"
		ErrorDocument	404	"Not Found"
		ErrorDocument	405	"Not Allowed"
		ErrorDocument	406	"Not Acceptable"
		ErrorDocument	412	"Precondition failed"
		ErrorDocument	501	"Not Implemented"
		ErrorDocument	506	"Variant Varies"
		ErrorDocument	413	"Way to big"
		....

	in httpd.conf

*	completely disable/remove mod_info and mod_status
	
	Note: access restrictions are not good enough; you can compromise
	the people in the ACL that way!

*	disable/remove the example CGI bin scripts.

	Note: access restrictions are not good enough; you can compromise
	the people in the ACL that way!

Does this make sense? What holes did I leave? What I am looking for is
twofold; a 'safeish' solution for 90% of the small users which only have
static pages which does not require a 'patch' and 'compile' until we have
a full binary release. And a stop gap solution for those admins now
working on getting their servers rebuilt.

This would mean that we could also put up a drop-in

	httpd.conf

file which would help people as an intermediate solution. Or is this a bad
idea; and do we need to rethink/force people to get into source/patch/compile
and install... or wait for binary?

Comments?

Dw.
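
An added example, not part of the original message or of the Apache project's code: a small audit of an httpd.conf against the checklist in the message above. The function name `audit`, the sample configuration, and the rule that only a quoted-text ErrorDocument counts are assumptions of this example.

```python
import re

# Status codes visible in the message above; its list ends with "....",
# so this is the visible part only, not a complete set.
LISTED_CODES = {301, 302, 303, 305, 307, 403, 404, 405, 406, 412, 413, 501, 506}
# Matches LoadModule names (info_module) and AddModule names (mod_info.c).
MODULE_RE = re.compile(r"^(mod_)?(info|status)(_module|\.c)$", re.I)
HANDLERS = {"server-info", "server-status"}

def audit(conf_text):
    """Return findings for one httpd.conf text: per-line ones, then missing codes."""
    findings, covered = [], set()
    for n, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.strip().split(None, 2)
        if not parts or parts[0].startswith("#"):
            continue
        name, args = parts[0].lower(), parts[1:]
        if name == "errordocument" and len(args) == 2 and args[0].isdigit():
            # Assumption: only the literal-text form used in the message counts.
            if args[1].startswith('"'):
                covered.add(int(args[0]))
            else:
                findings.append(f"line {n}: ErrorDocument {args[0]} is not literal text")
        elif name in ("loadmodule", "addmodule") and args and MODULE_RE.match(args[0]):
            # The message asks for removal; an ACL around the module is not enough.
            findings.append(f"line {n}: {args[0]} is still loaded")
        elif name == "sethandler" and args and args[0].lower() in HANDLERS:
            findings.append(f"line {n}: {args[0]} handler is still mapped")
        elif name in ("scriptalias", "scriptaliasmatch"):
            findings.append(f"line {n}: CGI mapping present")
    for code in sorted(LISTED_CODES - covered):
        findings.append(f"no literal-text ErrorDocument for {code}")
    return findings

# Constructed sample, not taken from any real site. The misspelled
# directive on line 4 means 403 is not covered.
SAMPLE = '''\
# constructed sample
LoadModule status_module libexec/mod_status.so
ErrorDocument 404 "Not Found"
ErorrDocument 403 "Forbidden"
ErrorDocument 501 /errors/501.html
ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/
<Location /server-status>
SetHandler server-status
</Location>
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```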
