On Wed, Aug 15, 2018 at 5:53 PM Jason Pitt <jnpitt@xxxxxx> wrote:
>
> Ok I have a work around but I'm really unhappy with it and I'd like it if someone can verify for me that I'm not doing something wrong before I change my whole code base to deal with the cgi scripts not being present in the apache default cgi-bin (on my system /usr/lib/cgi-bin). So when a client requests a file from the cgi-bin Apache seems to execute it before asking for Basic Authorization. However if I take the exact same apache2.config block, change the directory to something somewhere else, in this case /var/www/html, add +ExecCGI and a handler for .cgi files...Apache has the behavior I'd expect. It asks for authorization, then executes the .cgi file. Why on earth can't I just do that for the default cgi-bin???
>
> so this works:
> <Directory /var/www/html>
> Options Indexes FollowSymLinks ExecCGI
> AddHandler cgi-script .cgi
> AllowOverride None
> AuthUserFile /home/jpitt/wormbot/passwords
> AuthType Basic
> AuthName "Kaebot"
> Require valid-user
> </Directory>
>
> this asks for a password but executes the script regardless of user input
> <Directory /usr/lib/cgi-bin>
> Options Indexes FollowSymLinks ExecCGI
> AddHandler cgi-script .cgi
> AllowOverride None
> AuthUserFile /home/jpitt/wormbot/passwords
> AuthType Basic
> AuthName "Kaebot"
> Require valid-user
> </Directory>
Maybe there is some other overlapping configuration section?
------------------------------------------------------------ ---------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|