httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] disabling all cgi
Date Fri, 20 Aug 2004 18:44:19 GMT
On Fri, 20 Aug 2004 13:24:16 -0500, Davy Durham <> wrote:
> Hi,
>   I'm developing a part of my site where users will be able to
> upload/download files via http.  However, currently if a user were to
> upload for instance a .php file then it executes it.
> QUESTION: Is there a blanket way to disable execution of anything?

I don't think so.

In a perfect world, you could simply
SetHandler default-handler
RemoveOutputFilter *
Option -ExecCGI

But many modules deviously use "magic" mime-types which activate
handlers in the background, the RemoveOutputFilter directive doesn't
work like that, and not all modules honour the ExecCGI flag.

So I think you are pretty-much stuck handling each
dynamic-content-source separately.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message