Re: prevent cgi-bin script execution prior to authorization dialog success

On Wed, Aug 15, 2018 at 5:53 PM Jason Pitt <jnpitt@xxxxxx> wrote:
>
> OK, I have a workaround, but I'm really unhappy with it, and I'd like it if someone can verify for me that I'm not doing something wrong before I change my whole code base to deal with the cgi scripts not being present in the apache default cgi-bin (on my system /usr/lib/cgi-bin). So when a client requests a file from the cgi-bin, Apache seems to execute it before asking for Basic Authorization. However, if I take the exact same apache2.config block, change the directory to something somewhere else, in this case /var/www/html, add +ExecCGI and a handler for .cgi files... Apache has the behavior I'd expect. It asks for authorization, then executes the .cgi file. Why on earth can't I just do that for the default cgi-bin???
>
> so this works:
> <Directory /var/www/html>
>         Options Indexes FollowSymLinks ExecCGI
>         AddHandler cgi-script .cgi
>         AllowOverride None
>         AuthUserFile /home/jpitt/wormbot/passwords
>         AuthType Basic
>         AuthName "Kaebot"
>         Require valid-user
> </Directory>
>
> this asks for a password but executes the script regardless of user input
> <Directory /usr/lib/cgi-bin>
>         Options Indexes FollowSymLinks ExecCGI
>         AddHandler cgi-script .cgi
>         AllowOverride None
>         AuthUserFile /home/jpitt/wormbot/passwords
>         AuthType Basic
>         AuthName "Kaebot"
>         Require valid-user
> </Directory>

Maybe there is some other overlapping configuration section?
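
One way to look for the overlapping section suggested above, as an added example that is not part of the original thread: the script lists every literal <Directory> block covering a path and reports which block's Require lines take effect under Apache 2.4's default AuthMerging Off. The function names and the sample configuration are constructed for illustration; wildcard and regex sections, <Location> blocks and Include expansion are not handled.

```python
import re

# Constructed sample (not from the thread): two sections cover the same path.
SAMPLE_CONF = '''\
<Directory /usr/lib/cgi-bin>
    AuthType Basic
    AuthUserFile /home/jpitt/wormbot/passwords
    Require valid-user
</Directory>
# hypothetical second section, e.g. from a file pulled in later by Include
<Directory "/usr/lib/cgi-bin">
    Require all granted
</Directory>
<Directory /var/www/>
    Require all granted
</Directory>
'''

OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+?)"?\s*>', re.I)
CLOSE = re.compile(r'^\s*</Directory>', re.I)
REQUIRE = re.compile(r'^\s*Require\s+(.+?)\s*$', re.I)

def sections_for(conf_text, target):
    """(line_no, path, [Require args]) for each literal <Directory> covering target."""
    target = target.rstrip('/') + '/'
    found, current = [], None
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = OPEN.match(line)
        if m:
            path = m.group(1).rstrip('/') + '/'
            current = (n, path, []) if target.startswith(path) else None
        elif CLOSE.match(line):
            if current:
                found.append(current)
            current = None
        elif current and REQUIRE.match(line):
            current[2].append(REQUIRE.match(line).group(1))
    return found

def effective_require(conf_text, target):
    """Section whose Require lines win: the last one merged that has any Require."""
    secs = [s for s in sections_for(conf_text, target) if s[2]]
    # Apache merges shortest path first; the stable sort keeps file order for ties.
    secs.sort(key=lambda s: len(s[1]))
    return secs[-1] if secs else None

if __name__ == '__main__':
    for line_no, path, reqs in sections_for(SAMPLE_CONF, '/usr/lib/cgi-bin'):
        print(f'line {line_no}: <Directory {path}> Require {reqs}')
    print('effective:', effective_require(SAMPLE_CONF, '/usr/lib/cgi-bin'))
```

On a real server the input should be the main configuration with its included files concatenated in the order Apache loads them, since file order decides which of two sections for the same directory is merged last.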
