httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Newman, Stuart J. (GSFC-444.0)[HONEYWELL TECHNOLOGY SOLUTIONS INC]" <stuart.j.new...@nasa.gov>
Subject RE: [users@httpd] file extensions for CGI
Date Wed, 03 Apr 2013 12:03:57 GMT
The execute bit is set.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Stuart J. Newman
Engineer 4; Systems
Solar Dynamics Observatory (SDO)
 
Honeywell Technology Solutions Inc
NASA/Goddard Space Flight Center
Building 14, Room E222
Mail Stop 428.2
Greenbelt, MD 20771
 
Office: (301) 286-5145
EMail: Stuart.J.Newman@nasa.gov

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This communication, including any attachment, contains information that may be confidential
or privileged, and is intended solely for the entity or individual to whom it is addressed. 
If you are not the intended recipient, please notify the sender at once, and you should delete
this message and are hereby notified that any disclosure, copying, or distribution of this
message is strictly prohibited.  Nothing in this email, including any attachment, is intended
to be a legally binding signature.

> -----Original Message-----
> From: Tom Evans [mailto:tevans.uk@googlemail.com]
> Sent: Wednesday, April 03, 2013 08:03
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] file extensions for CGI
> 
> Is the file executable - ie "does it have it's exec bit set", not "is
> it a program".
> 
> Cheers
> 
> Tom
> 
> On Wed, Apr 3, 2013 at 12:03 PM, Newman, Stuart J.
> (GSFC-444.0)[HONEYWELL TECHNOLOGY SOLUTIONS INC]
> <stuart.j.newman@nasa.gov> wrote:
> > I am using RedHat 6.4 with Apache 2.2.15.  I send a wget request to
> > the server for /cobbler/pub/foo.to.  The server returns a 403 status.
> >
> >
> >
> > The access_log entry is:
> >
> >
> >
> > 129.165.8.75 - - [02/Apr/2013:11:46:44 +0000] "GET
> /cobbler/pub/foo.to
> > HTTP/1.0" 403 220 "-" "Wget/1.10.2 (Red Hat modified)"
> >
> >
> >
> > The error_log entry is:
> >
> >
> >
> > [Tue Apr 02 11:46:44 2013] [error] [client 129.165.8.75] Options
> > ExecCGI is off in this directory: /var/www/cobbler/pub/foo.to
> >
> >
> >
> > The modsec_audit.log is the most complete:
> >
> >
> >
> > --cae3ab09-A--
> >
> > [02/Apr/2013:11:48:47 +0000] UVrFn4GlCCkAAFj@O8UAAAAD 129.165.8.75
> > 46737
> > 129.165.8.41 80
> >
> > --cae3ab09-B--
> >
> > GET /cobbler/pub/foo.to HTTP/1.0
> >
> > User-Agent: Wget/1.10.2 (Red Hat modified)
> >
> > Accept: */*
> >
> > Host: cobbler
> >
> > Connection: Keep-Alive
> >
> >
> >
> > --cae3ab09-F--
> >
> > HTTP/1.1 403 Forbidden
> >
> > Content-Length: 220
> >
> > Connection: close
> >
> > Content-Type: text/html; charset=iso-8859-1
> >
> >
> >
> > --cae3ab09-E--
> >
> >
> >
> > --cae3ab09-H--
> >
> > Apache-Error: [file
> > "/builddir/build/BUILD/httpd-2.2.15/modules/generators/mod_cgi.c"]
> > [line 168] [level 3] Options ExecCGI is off in this directory:
> > /var/www/cobbler/pub/foo.to
> >
> > Apache-Handler: cgi-script
> >
> > Stopwatch: 1364903327323156 1714 (- - -)
> >
> > Stopwatch2: 1364903327323156 1714; combined=59, p1=17, p2=37, p3=0,
> > p4=0, p5=5, sr=0, sw=0, l=0, gc=0
> >
> > Response-Body-Transformed: Dechunked
> >
> > Producer: ModSecurity for Apache/2.7.1 (http://www.modsecurity.org/).
> >
> > Server: Apache
> >
> > Engine-Mode: "ENABLED"
> >
> >
> >
> > --cae3ab09-Z—
> >
> >
> >
> > My question is why Apache considers a file with a “.to” extension to
> > by a CGI script?
> >
> >
> >
> >
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > ~~~~~~~~~~~~~~~~~~~~~~
> >
> > Stuart J. Newman
> > Engineer 4; Systems
> >
> > Solar Dynamics Observatory (SDO)
> >
> >
> >
> > Honeywell Technology Solutions Inc
> >
> > NASA/Goddard Space Flight Center
> >
> > Building 14, Room E222
> >
> > Mail Stop 428.2
> >
> > Greenbelt, MD 20771
> >
> >
> >
> > Office: (301) 286-5145
> >
> > EMail: Stuart.J.Newman@nasa.gov
> >
> >
> >
> >
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > ~~~~~~~~~~~~~~~~~~~~~~
> > NOTICE: This communication, including any attachment, contains
> > information that may be confidential or privileged, and is intended
> > solely for the entity or individual to whom it is addressed.  If you
> > are not the intended recipient, please notify the sender at once, and
> > you should delete this message and are hereby notified that any
> > disclosure, copying, or distribution of this message is strictly
> > prohibited.  Nothing in this email, including any attachment, is
> intended to be a legally binding signature.
> >
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

Mime
View raw message