httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] disabling all cgi
Date Fri, 20 Aug 2004 18:44:19 GMT
On Fri, 20 Aug 2004 13:24:16 -0500, Davy Durham <pubaddr@davyandbeth.com> wrote:
> Hi,
>   I'm developing a part of my site where users will be able to
> upload/download files via http.  However, currently if a user were to
> upload for instance a .php file then it executes it.
> 
> QUESTION: Is there a blanket way to disable execution of anything?

I don't think so.

In a perfect world, you could simply
SetHandler default-handler
RemoveOutputFilter *
Option -ExecCGI

But many modules deviously use "magic" mime-types which activate
handlers in the background, the RemoveOutputFilter directive doesn't
work like that, and not all modules honour the ExecCGI flag.

So I think you are pretty-much stuck handling each
dynamic-content-source separately.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message