Re: whatever.cgi.html

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dave Howorth wrote:

I have a problem with a legacy server - Apache 1.3. The content of the
site has CGI scripts scattered around so it has a directive (showing
just relevant bits):

<Directory /toplevel>
    Options ExecCGI
</Directory>


.. a Very Bad Idea



and it has:

AddHandler cgi-script .cgi

Unfortunately, it also has some static content files with names like:

/toplevel/data/whatever.cgi.html


.. compounded



Until just now, I didn't know that Apache parsed multiple filename
extensions and I guess whoever chose the naming convention for these
static files didn't either :(  The result is that these files resulted
in 500 internal server errors being returned to the users, because
Apache tried to interpret them as CGI scripts.

To fix it, I tried adding:

<Directory /toplevel/data>
    Options -ExecCGI
</Directory>



Clever, that..


but that just changed the error message to 403 Forbidden, which I guess
means it is still parsing the filename extension in that directory and
then refusing to execute it.


Yep. :-)



Is there some way to tell it that all the files in /toplevel/data/ are
just to be served as static HTML?

I've looked at the FAQ and tried to search but it's an awkard question
to search for. And as you'll have gathered, I'm not an Apache expert!


That deserves an answer, but it may not be so simple.
As you have already guessed, that basic setup ..sucks.
The real good solution would be to gather all these cgi scripts into one single directory, and then set only that one up with ExecCGI. 
But that would probably break half the site, no ?

You could try this :

> <Directory /toplevel/data>
>     Options -ExecCGI
> </Directory>

but add

<Files ~ "\.cgi$">
 SetHandler cgi-script
</Files>
(That's assuming that all the legitimate cgi scripts do end in ".cgi", and it may also have security implications. Consider this as a "rough draft, quick and dirty" solution.)
Other than that, there might be other ways involving SetEnvIf or RewriteCond/RewriteRule. 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux