www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <p...@querna.org>
Subject CGI Disabled, was Re: RFC: Disabling CGI on most VHosts
Date Thu, 03 Sep 2009 03:52:24 GMT
Deployed.

All vhosts except:
 - www.apache.org
 - perl.apache.org
 - search.apache.org
 - projects.apache.org

Now have CGI support disabled.

If the people could look into fixing {perl,search,projects} up to
remove their need for CGIs.

search.a.o can likely just be turned off, it hasn't worked for years.

projects.a.o just has a single CGi that could be made into a client
side JS or other method.

perl.... not my problem.

www.a.o still has execgi on for all paths, we should tighten it up a
little bit and only allow it in a few specific places.


On Tue, Sep 1, 2009 at 3:26 PM, Philip M. Gollucci<pgollucci@p6m7g8.com> wrote:
> Paul Querna wrote:
>>>
>>> From my best estimates, only 3 of them are not variations on mirror.cgi:
>>
>>  /x1/www/perl.apache.org/search/swish.cgi
>
> Besides the other obvious issues here, can this stay active?
>
>
>
>
>> As putting RewriteRules in hundreds of places is potentially painful,
>> it might be reasonable to write a small Apache httpd module (heh,
>> heh), mod_asf_downloads, which would bind to the .cgi extension in
>> most vhosts.  It would scan the .cgi file for the mirrors.cgi
>> invocation, and if detected automatically rewrite the URL to
>> mirrors.cgi. (I'd estimate about 150 lines of C).    This would make
>> for a seamless 'upgrade' for most vhosts, and mean we could turn off
>> ExecCGI very soon, instead of asking for every TLP to change
>> something.
>
> +1
>
>
> --
> ------------------------------------------------------------------------
> 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
> Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354
> Consultant          - P6M7G8 Inc.                http://p6m7g8.net
> Senior Sys Admin    - RideCharge, Inc.           http://ridecharge.com
> ASF Member          - Apache Software Foundation http://apache.org
> FreeBSD Committer   - FreeBSD Foundation         http://freebsd.org
>
> Work like you don't need the money,
> love like you'll never get hurt,
> and dance like nobody's watching.
>

Mime
View raw message