httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Christensen" <dpchr...@holgerdanske.com>
Subject [users@httpd] protecting non-script files in public_html/cgi-bin/ via .htaccess
Date Sat, 04 Oct 2003 06:10:23 GMT
hello, world!

I am doing some CGI development for a site on a shared hosting service
that puts the CGI directory under the virtual host's DocumentRoot (e.g.
~/public_html/cgi-bin/).  The server is configured such that requests to
"http://my.domain.com/cgi-bin/non-script-file" result in
"non-script-file" being displayed in the  browser.  I would like to
prevent such.

So, I RTFM and came up with the following .htaccess file and placed it
in the CGI directory on my development server:

    dpchrist@d3020g:~/public_html/cgi-bin:CVS> ll .htaccess
    -rw-r--r--    1 dpchrist dpchrist       95 Oct  3 22:49 .htaccess

    dpchrist@d3020g:~/public_html/cgi-bin:CVS> cat .htaccess
    <Files "*.pl">
        Order allow,deny
        Allow from all
    </Files>
    Order deny,allow
    Deny from all

It seems to have the desired effect (Perl CGI scripts work, but user
gets "403 Forbidden" for all other files).

Is this a robust solution, or just newbie wishful thinking?

TIA,

David


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message