And, in briefly re-examing my reason for developing this module, here's
what happens when, on a stock freshly installed httpd-2.2.17-1.fc14.x86_64
FC-14 setup, I try to do :
in /etc/httpd/conf/httpd.conf :
@line 320:
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
XBitHack on
Options Indexes FollowSymLinks Includes
And then create /var/www/html/test_inc.html :
$ echo '<!--#include file="/var/www/include/test.inc"-->
' > /var/www/html/test_inc.html
$ chown apache:apache /var/www/html/test_inc.html; chmod 0755 /var/www/html/test_inc.html ;
and then create /var/www/include/test.inc :
$ echo 'html>
<head>
<title> It worked!</title>
</head>
</html>
' > /var/www/include/test.inc
$ chown apache:apache /var/www/include/test.inc; chmod 0644 /var/www/include/test.inc
$ curl http://127.0.0.1/html/test_inc.html
[Wed Apr 06 18:13:43 2011] [error] [client 127.0.0.1] unable to include file "/var/www/include/test.inc" in parsed file /var/www/html/test_inc.html
[an error occurred while processing this directive]
Gee, what an informative error message ! (I was doing 'tail -f /var/log/http/error_log &') .
This is because there is no "<Directory> ... </Directory>" entry for "/var/www/include" .
So standard apache SSI can't work even if my scripts use absolute URLs - my
include directory MUST be in some '<Directory>...</Directory>' - but I don't
want to provide any HTTP/S access to SSI fragments - so how can I put them
in a non-'<Directory>...</Directory>' location ?
So to me it is just easier to develop the 'ssi-fragment' mime-type handler module ,
which enables SSI to be used freely , safely and efficiently by scripts without
letting all-and-sundry access SSI fragments which may be security sensitive
outside their containing documents.
My ssi-fragment module has been working OK for some months now on my client's web-server -
I'll check with my client to see if it's OK to make it open-source , and if so,
will post it here or to 'apache-contrib' - I can't find anything else that does the job .
All the best,
Jason
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|