Sunday, November 7, 2010

Bug in Apache? Allow all script in /var/www/cgi-bin

etc/httpd/conf/httpd.conf


<Directory "/var/www/cgi-bin">
    Options ExecCGI
    AddHandler cgi-script .py
# still allow all script, not just .py :(
</Directory>

I think this should only allow .py script, but it allow any executable file.

<Directory "/home/*/public_html/cgi-bin">
    Options ExecCGI
    AddHandler cgi-script .py
</Directory>

As the above only allow .py script in /home/*/public_html/cgi-bin.
or I missed something :(

No comments:

Post a Comment