perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: cannot LoadModule mod_perl on apache2.2
Date Tue, 21 Apr 2009 16:12:57 GMT
Jeff Zhuk wrote:
> Andre,
>  
> Another thing that maybe related:
> I can start Apache without the line loading the mod_perl
> Then I would expect that my perl script will be executed.
>  
> I have these lines in the httpd.conf:
>  
> Alias /perl/ "C:/Tomcat/webapps"

Very bad !

> <Location /perl>

Probably never even gets here.
I'd have to recheck when things happen between Alias and a Location, but 
off the top of my head, I'd say that the first thing that happens is the 
Alias, so it will never match the Location.

> SetHandler perl-script
> PerlResponseHandler ModPerl::Registry
> Options +ExecCGI
> PerlOptions +ParseHeaders
> </Location>
>  
> But perl is not executed. 
I see the source text instead (my scripts should produce html)
Of course.

>  
> What do you think about this?
>  
A whole lot, but not nice things.
The reason I say Very Bad above, is this :
Suppose you have an operational Tomcat on your system (which the above 
line tends to indicate).
Then suppose you have a webapp under Tomcat :
TOMCAT_DIR/webapps/admin
and suppose that in the web.xml of that webapp is a very secret password.
Then by accessing you server via the URL "/perl/admin/WEB-INF/web.xml", 
I can view/download that web.xml whenever I want.
(and any other file under your Tomcat webapps for that matter.
Never, ever give access to your Tomcat dirs via Apache that way, you 
completely bypass any Tomcat security.

Move your perl scripts somewhere else entirely, not even directly under 
the DocumentRoot of Apache either.
For example, move them to c:/Apache/perl.
Then do this
Alias /perl/ c:/apache/perl/
<Directory c:/apache/perl>
   Order allow,deny
   Allow from All
 > SetHandler perl-script
 > PerlResponseHandler ModPerl::Registry
 > Options +ExecCGI
 > PerlOptions +ParseHeaders
</Directory>

of course, this does not solve your problem loading mod_perl, but it 
would be a first step.


Mime
View raw message