Return-Path: 
 <users-return-33107-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 53798 invoked from network); 4 Oct 2003 06:11:41 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 4 Oct 2003 06:11:41 -0000
Received: (qmail 77124 invoked by uid 500); 4 Oct 2003 06:11:06 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 77008 invoked by uid 500); 4 Oct 2003 06:11:05 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 76994 invoked from network); 4 Oct 2003 06:11:05 -0000
Received: from unknown (HELO smtp.inreach.com) (209.142.2.34)
  by daedalus.apache.org with SMTP; 4 Oct 2003 06:11:05 -0000
Received: (qmail 22695 invoked from network); 4 Oct 2003 06:11:16 -0000
Received: from unknown (HELO w2k30g) (209.142.39.228)
  by smtp.inreach.com with SMTP; 4 Oct 2003 06:11:16 -0000
Message-ID: <00ca01c38a3e$43966100$0a01a8c0@w2k30g>
From: "David Christensen" <dpchrist@holgerdanske.com>
To: <users@httpd.apache.org>
Date: Fri, 3 Oct 2003 23:10:23 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
Subject: [users@httpd] protecting non-script files in public_html/cgi-bin/ via
 .htaccess
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

hello, world!

I am doing some CGI development for a site on a shared hosting service
that puts the CGI directory under the virtual host's DocumentRoot (e.g.
~/public_html/cgi-bin/).  The server is configured such that requests to
"http://my.domain.com/cgi-bin/non-script-file" result in
"non-script-file" being displayed in the  browser.  I would like to
prevent such.

So, I RTFM and came up with the following .htaccess file and placed it
in the CGI directory on my development server:

    dpchrist@d3020g:~/public_html/cgi-bin:CVS> ll .htaccess
    -rw-r--r--    1 dpchrist dpchrist       95 Oct  3 22:49 .htaccess

    dpchrist@d3020g:~/public_html/cgi-bin:CVS> cat .htaccess
    <Files "*.pl">
        Order allow,deny
        Allow from all
    </Files>
    Order deny,allow
    Deny from all

It seems to have the desired effect (Perl CGI scripts work, but user
gets "403 Forbidden" for all other files).

Is this a robust solution, or just newbie wishful thinking?

TIA,

David


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org