Project

General

Profile

Feature #28

Feature Request: Constrain CGIs in Specified Directory

Added by Anonymous almost 15 years ago. Updated almost 13 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
mod_cgi
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

The current configuration of CGIs,


    cgi.assign = ( ".pl"  => "/usr/bin/perl",
                   ".sh"  => "/bin/sh" )

takes every thing with extension *.sh or *.pl as CGIs. But this is not safe on
a site which allows users to upload files. Can we instead use Regular Expressions
in this configuration?


    cgi.assign = ( "^/cgi-bin/*.pl"  => "/usr/bin/perl",
                   "^/cgi-bin/*.sh"  => "/bin/sh" )

or, without Regular Expression, add a new configuration line like


cgi.constrain = ("/cgi-bin/", "/othercgi-bin/")

Thanks a lot

-- yasheng

#1

Updated by jan almost 15 years ago

  • Status changed from New to Assigned

$HTTPurl =~ "^/cgi-bin/" {
cgi.assign = ( ".pl" => "/usr/bin/perl" )
}

already does that. To do this inside of a virtual server you have to wait for nested conditionals.

Also available in: Atom