I am using RedHat 6.4 with Apache 2.2.15. I send a wget request to the server for /cobbler/pub/foo.to. The server returns a 403 status. The access_log entry is: 129.165.8.75 - - [02/Apr/2013:11:46:44 +0000] "GET /cobbler/pub/foo.to HTTP/1.0" 403 220 "-" "Wget/1.10.2 (Red Hat modified)" The error_log entry is: [Tue Apr 02 11:46:44 2013] [error] [client 129.165.8.75] Options ExecCGI is off in this directory: /var/www/cobbler/pub/foo.to The modsec_audit.log is the most complete: --cae3ab09-A-- [02/Apr/2013:11:48:47 +0000] UVrFn4GlCCkAAFj@O8UAAAAD 129.165.8.75 46737 129.165.8.41 80 --cae3ab09-B-- GET /cobbler/pub/foo.to HTTP/1.0 User-Agent: Wget/1.10.2 (Red Hat modified) Accept: */* Host: cobbler Connection: Keep-Alive --cae3ab09-F-- HTTP/1.1 403 Forbidden Content-Length: 220 Connection: close Content-Type: text/html; charset=iso-8859-1 --cae3ab09-E-- --cae3ab09-H-- Apache-Error: [file "/builddir/build/BUILD/httpd-2.2.15/modules/generators/mod_cgi.c"] [line 168] [level 3] Options ExecCGI is off in this directory: /var/www/cobbler/pub/foo.to Apache-Handler: cgi-script Stopwatch: 1364903327323156 1714 (- - -) Stopwatch2: 1364903327323156 1714; combined=59, p1=17, p2=37, p3=0, p4=0, p5=5, sr=0, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.7.1 (http://www.modsecurity.org/). Server: Apache Engine-Mode: "ENABLED" --cae3ab09-Z— My question is why Apache considers a file with a “.to” extension to by a CGI script? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|