Project

General

Profile

Actions
Copy link

Feature #28

closed

Feature Request: Constrain CGIs in Specified Directory

Added by Anonymous almost 20 years ago. Updated almost 18 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_cgi
Target version:
1.4.9
ASK QUESTIONS IN Forums:

Description

The current configuration of CGIs,


    cgi.assign = ( ".pl"  => "/usr/bin/perl",
                   ".sh"  => "/bin/sh" )

takes every thing with extension *.sh or *.pl as CGIs. But this is not safe on
a site which allows users to upload files. Can we instead use Regular Expressions
in this configuration?


    cgi.assign = ( "^/cgi-bin/*.pl"  => "/usr/bin/perl",
                   "^/cgi-bin/*.sh"  => "/bin/sh" )

or, without Regular Expression, add a new configuration line like


cgi.constrain = ("/cgi-bin/", "/othercgi-bin/")

Thanks a lot

-- yasheng

Actions
Copy link
 #1

Updated by jan almost 20 years ago

  • Status changed from New to Assigned

$HTTPurl =~ "^/cgi-bin/" {
cgi.assign = ( ".pl" => "/usr/bin/perl" )
}

already does that. To do this inside of a virtual server you have to wait for nested conditionals.

Actions
Copy link

Also available in: Atom