From: "Newman, Stuart J. (GSFC-444.0)[HONEYWELL TECHNOLOGY SOLUTIONS INC]"
To: "users@httpd.apache.org"
Date: Wed, 3 Apr 2013 06:03:42 -0500
Message-ID: <797C30F3EC4D3F4C96C2A97CCBE16E8AA99462441D@NDMSSCC06.ndc.nasa.gov>
Subject: [users@httpd] file extensions for CGI

I am using RedHat 6.4 with Apache 2.2.15. I send a wget request to the server for /cobbler/pub/foo.to. The server returns a 403 status.

The access_log entry is:

129.165.8.75 - - [02/Apr/2013:11:46:44 +0000] "GET /cobbler/pub/foo.to HTTP/1.0" 403 220 "-" "Wget/1.10.2 (Red Hat modified)"

The error_log entry is:

[Tue Apr 02 11:46:44 2013] [error] [client 129.165.8.75] Options ExecCGI is off in this directory: /var/www/cobbler/pub/foo.to

The modsec_audit.log is the most complete:

--cae3ab09-A--
[02/Apr/2013:11:48:47 +0000] UVrFn4GlCCkAAFj@O8UAAAAD 129.165.8.75 46737 129.165.8.41 80
--cae3ab09-B--
GET /cobbler/pub/foo.to HTTP/1.0
User-Agent: Wget/1.10.2 (Red Hat modified)
Accept: */*
Host: cobbler
Connection: Keep-Alive

--cae3ab09-F--
HTTP/1.1 403 Forbidden
Content-Length: 220
Connection: close
Content-Type: text/html; charset=iso-8859-1

--cae3ab09-E--

--cae3ab09-H--
Apache-Error: [file "/builddir/build/BUILD/httpd-2.2.15/modules/generators/mod_cgi.c"] [line 168] [level 3] Options ExecCGI is off in this directory: /var/www/cobbler/pub/foo.to
Apache-Handler: cgi-script
Stopwatch: 1364903327323156 1714 (- - -)
Stopwatch2: 1364903327323156 1714; combined=59, p1=17, p2=37, p3=0, p4=0, p5=5, sr=0, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.7.1 (http://www.modsecurity.org/).
Server: Apache
Engine-Mode: "ENABLED"

--cae3ab09-Z-

My question is why Apache considers a file with a ".to" extension to be a CGI script?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Stuart J. Newman
Engineer 4; Systems
Solar Dynamics Observatory (SDO)
Honeywell Technology Solutions Inc
NASA/Goddard Space Flight Center
Building 14, Room E222
Mail Stop 428.2
Greenbelt, MD 20771
Office: (301) 286-5145
EMail: Stuart.J.Newman@nasa.gov
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

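A triage helper for the audit-log entry quoted in the message, added here as an example and not part of the original post: it splits a ModSecurity serial audit log into its lettered sections and flags transactions where Apache-Handler is cgi-script although the requested file's extension is not one expected to run as CGI. The function names and the EXPECTED_CGI_EXT set are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Entry from the message above, trimmed to the lines the check needs.
SAMPLE = """\
--cae3ab09-A--
[02/Apr/2013:11:48:47 +0000] UVrFn4GlCCkAAFj@O8UAAAAD 129.165.8.75 46737 129.165.8.41 80
--cae3ab09-B--
GET /cobbler/pub/foo.to HTTP/1.0
Host: cobbler
--cae3ab09-F--
HTTP/1.1 403 Forbidden
--cae3ab09-H--
Apache-Error: [file "/builddir/build/BUILD/httpd-2.2.15/modules/generators/mod_cgi.c"] [line 168] [level 3] Options ExecCGI is off in this directory: /var/www/cobbler/pub/foo.to
Apache-Handler: cgi-script
--cae3ab09-Z-
"""

BOUNDARY = re.compile(r"^--(\w+)-([A-Z])-+\s*$")  # e.g. --cae3ab09-H--
EXPECTED_CGI_EXT = {".cgi", ".pl"}  # assumption: extensions meant to run as CGI

def parse_audit_log(text):
    """Split a serial-format audit log into {txn_id: {section_letter: [lines]}}."""
    txns, current = {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            current = txns.setdefault(m.group(1), {}).setdefault(m.group(2), [])
        elif current is not None and line.strip():
            current.append(line)
    return txns

def unexpected_cgi(text):
    """Report requests routed to the cgi-script handler despite a non-CGI extension."""
    findings = []
    for txn_id, sec in parse_audit_log(text).items():
        trailer = dict(l.split(": ", 1) for l in sec.get("H", []) if ": " in l)
        if trailer.get("Apache-Handler") != "cgi-script" or not sec.get("B"):
            continue
        path = sec["B"][0].split()[1].split("?", 1)[0]  # request line, query removed
        ext = PurePosixPath(path).suffix
        if ext not in EXPECTED_CGI_EXT:
            status = sec["F"][0].split()[1] if sec.get("F") else None
            findings.append({"id": txn_id, "path": path, "ext": ext, "status": status,
                             "error": trailer.get("Apache-Error")})
    return findings

if __name__ == "__main__":
    print(unexpected_cgi(SAMPLE))
```

Each finding names a path to compare against the handler mappings in the server configuration that applies to that directory.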