httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "dbdweeb" <dbdw...@myway.com>
Subject [users@httpd] Need a VirtualScriptAliasMatch Directive
Date Mon, 31 Mar 2003 15:21:04 GMT

 There's this webapp where customers can drop binaries into the /cgi-bin/ of their changerooted
vhost environment. If they escape the changeroot they can do nasty stuff from the browser.
To prevent this ScriptAliasMatch is used as follows:

# virtual host entry for cust1
<VirtualHost ###.###.###.###:80>
 DocumentRoot /app/cust1/vhost/cust1
 ServerName cust1.host.com
 ScriptAliasMatch ^/cgi-bin/cust1$ /app/cust1/cgi-bin/cust1
 ScriptAliasMatch ^/cgi-bin/app1/(.*) /app/cust1/cgi-bin/app1/$1
 ScriptAliasMatch ^/cgi-bin/app2/(.*) /app/cust1/cgi-bin/app2/$1
 ### ScriptAliasMatch continues at length!!
 <Directory /app/cust1/cgi-bin/>
  Options FollowSymLinks
 </Directory><br></VirtualHost>

There are many other subdirectories of /cgi-bin/ not listed in the above which MUST NOT be
matched. Changing the directory structure is not an option. 100's of customers are maintained
in huge vhost files and Apache must be restarted everytime changes are made. I looked at mod_vhost_alias
and mod_rewrite and didn't come up with a solution. Is there a more elegant way to do this?
Any suggestions?

bona fide newbie


_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message