how to limit usage (not location) of (specific) cgi scripts to <Directories>

Hi.

Is it somehow possible to limit the _usage_ of cgi-scripts to one
<Directory> or <Location>?
I do not mean the _location_ of the cgi-scripts themselves (which can be
limited e.g. via ScriptAlias).



Here's the case:

I have a vhost, where PHP shall be enabled for a single <Directory>, but
only for this directory.
This is easy:

<VirtualHost ...>

	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

	<Directory foo>
		Action application/x-httpd-php /cgi-bin/php5
	</Directory>

	<Directory bar>
		...
	</Directory>

</VirtualHost>

Now .php files in foo are interpreted by /usr/lib/cgi-bin/php5 but
files in / or bar are not, as there is no action configured.


The remaining problems now are:
a) Any other CGI scripts in /usr/lib/cgi-bin/ (and my distro, Debian,
puts several in there - which I use on other vhosts)
b) as well as php5
can be invoked by clients by directly going to
http://example.org/cgi-bin/something.

(a) can seemingly be solved by just using some
<Directory>+<Files>+Allow/Deny directives... that just deny access to
anything but php5.
But this has the drawback that I cannot use these CGI scripts (e.g.
interpreters) for files in other dirs, e.g. bar.

I also can't do this denying per directory, as far as I can see, as it's
not possible to somehow "nest" <Directory> blocks.

I guess in principle I'd be looking for an Action directive (which can
be used in <Directory> context) whose 2nd argument is not taken to be a
URI-location but a filesystem location, e.g.
Action2 application/x-httpd-php /usr/lib/cgi-bin/php5

That way, one wouldn't have to expose any /cgi-bin/ to the outside, with
possible unwanted CGI scripts that can be seen/invoked.


Is there some way to get what I want? :)


Thx,
Chris.
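
One way to close off (a) and (b) while keeping per-directory Action handlers, as an added example that is not part of the original post: deny direct requests to the ScriptAlias target and allow only requests that reach it through an internal redirect. It assumes the Apache 2.2-style Allow/Deny access control mentioned in the post and relies on Apache setting the REDIRECT_STATUS environment variable on internal redirects; the handler in bar is hypothetical.

```apache
# Added example, not from the original post. Goes inside the <VirtualHost>
# from the post; foo and bar are the post's placeholder directories.

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

# Refuse requests that name /cgi-bin/... directly.
# The internal redirect performed by Action carries the REDIRECT_STATUS
# environment variable. A request arriving straight from a client does not,
# and a client cannot set a server environment variable via a request header.
<Directory /usr/lib/cgi-bin>
	Order Deny,Allow
	Deny from all
	Allow from env=REDIRECT_STATUS
	# Apache 2.4 equivalent (mod_authz_core), replacing the three lines above:
	#   Require env REDIRECT_STATUS
</Directory>

# PHP only for files below foo, as in the post.
<Directory foo>
	Action application/x-httpd-php /cgi-bin/php5
</Directory>

# Hypothetical: a different interpreter from the same /cgi-bin/ for bar.
# The media type and script name are placeholders, not from the post.
<Directory bar>
	Action application/x-example /cgi-bin/example-interpreter
</Directory>
```

Any other internal redirect in the vhost (an ErrorDocument or a mod_rewrite rule that targets /cgi-bin/) also sets REDIRECT_STATUS and would pass this check, so review those rules as well. To verify, request http://example.org/cgi-bin/php5 directly and expect a 403, then request a .php file under foo and expect it to be interpreted.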
