httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: [users@httpd] prevent cgi-bin script execution prior to authorization dialog success
Date Wed, 15 Aug 2018 01:37:24 GMT
On Tue, Aug 14, 2018 at 9:33 PM Jason Pitt <> wrote:
> Hello-
> I'm having an issue with trying to configure apache that I'm hoping someone can help
me address.  I have several scripts located in the cgi-bin that I want to control access to.
  I'm able to either put an .htaccess file in the cgi-bin or modify the apache2.conf file
to prompt for a username and password when the url to the cgi script is entered into a browser,
however...the script executes and sends content to the browser window before the user enters
anything into the authorization dialog...furthermore the user can just cancel the authorization
dialog and can then interact with the cgi generated content...the only thing getting blocked
by apache is access to actual files on the webserver.  How do I prevent this behavior?
It sounds like you may not be protecting the right
URL/files/directories. What's the relevant config and URL being
accessed? What does the access log say?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message