httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric ...@kwinternet.com>
Subject Re: [users@httpd] disabling all cgi
Date Fri, 20 Aug 2004 19:10:08 GMT
Hi,

That is a very interesting problem. My first thought was, well of course 
you can just remove mod_cgi and mod_php, but then the rest of your site 
will not work :) But you could setup an Apache that is compiled without any 
dynamic modules including mod_cgi and then use mod_rewrite to make it seem 
a part of your site.

ProxyPass        /uploads/ http://localhost:8080/uploads/
ProxyPassReverse /uploads/ http://localhost:8080/uploads/

Just a thought..

Joshua, I was interested to learn that -ExecCGI gets ignored sometimes, 
which modules do that?


Eric

direct from your main apache to the "safe" apache.

At 11:44 AM 8/20/2004, you wrote:
>On Fri, 20 Aug 2004 13:24:16 -0500, Davy Durham <pubaddr@davyandbeth.com> 
>wrote:
> > Hi,
> >   I'm developing a part of my site where users will be able to
> > upload/download files via http.  However, currently if a user were to
> > upload for instance a .php file then it executes it.
> >
> > QUESTION: Is there a blanket way to disable execution of anything?
>
>I don't think so.
>
>In a perfect world, you could simply
>SetHandler default-handler
>RemoveOutputFilter *
>Option -ExecCGI
>
>But many modules deviously use "magic" mime-types which activate
>handlers in the background, the RemoveOutputFilter directive doesn't
>work like that, and not all modules honour the ExecCGI flag.
>
>So I think you are pretty-much stuck handling each
>dynamic-content-source separately.
>
>Joshua.
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org


Lead Programmer
D.M. Contact Management
250.383.8267 ext 229 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message