httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] whatever.cgi.html
Date Tue, 21 Jul 2009 10:25:39 GMT
Dave Howorth wrote:
> I have a problem with a legacy server - Apache 1.3. The content of the
> site has CGI scripts scattered around so it has a directive (showing
> just relevant bits):
> 
> <Directory /toplevel>
>     Options ExecCGI
> </Directory>

.. a Very Bad Idea

> 
> and it has:
> 
> AddHandler cgi-script .cgi
> 
> Unfortunately, it also has some static content files with names like:
> 
> /toplevel/data/whatever.cgi.html

.. compounded

> 
> Until just now, I didn't know that Apache parsed multiple filename
> extensions and I guess whoever chose the naming convention for these
> static files didn't either :(  The result is that these files resulted
> in 500 internal server errors being returned to the users, because
> Apache tried to interpret them as CGI scripts.
> 
> To fix it, I tried adding:
> 
> <Directory /toplevel/data>
>     Options -ExecCGI
> </Directory>
> 

Clever, that..

> but that just changed the error message to 403 Forbidden, which I guess
> means it is still parsing the filename extension in that directory and
> then refusing to execute it.

Yep. :-)

> 
> Is there some way to tell it that all the files in /toplevel/data/ are
> just to be served as static HTML?
> 
> I've looked at the FAQ and tried to search but it's an awkard question
> to search for. And as you'll have gathered, I'm not an Apache expert!
> 
That deserves an answer, but it may not be so simple.
As you have already guessed, that basic setup ..sucks.
The real good solution would be to gather all these cgi scripts into one 
single directory, and then set only that one up with ExecCGI.
But that would probably break half the site, no ?

You could try this :

 > <Directory /toplevel/data>
 >     Options -ExecCGI
 > </Directory>

but add

<Files ~ "\.cgi$">
  SetHandler cgi-script
</Files>

(That's assuming that all the legitimate cgi scripts do end in ".cgi", 
and it may also have security implications. Consider this as a "rough 
draft, quick and dirty" solution.)

Other than that, there might be other ways involving SetEnvIf or 
RewriteCond/RewriteRule.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message