Skip to main content.
home | support | download

Back to List Archive

Re: swish.cgi, access denied

From: Bill Moseley <moseley(at)not-real.hank.org>
Date: Fri Nov 04 2005 - 14:45:36 GMT
On Thu, Nov 03, 2005 at 11:59:12PM -0500, Michael Porcaro wrote:
> Can I read cgi's in a "search" folder by editing this line:
> 
> ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"

http://httpd.apache.org/docs/1.3/mod/mod_alias.html#scriptalias

http://httpd.apache.org/docs/1.3/mod/mod_cgi.html

ScriptAlias is for telling apache that an entire directory contains
scripts that can be executed.  Do you want all files in your directory
to be executed as scripts?

The summary in that second link explains it.  mod_cgi is an Apache
module that deals with running scripts and sending their output
through apache back to the client.

What tells apache that a given file is a script?

    Any file that has the mime type application/x-httpd-cgi or handler
    cgi-script (Apache 1.1 or later) will be treated as a CGI script

How does a file get a mime type of application/x-httpd-cgi?  Either by
the conf/mime.types file (defined by the TypesConfig directive) or by
specifically listing the file type with AddType:

    AddType application/x-httpd-cgi .cgi .run_you_stupid_program .pl

But the other way, as that sentence says, is by setting the file's
handler specifically to "cgi-script" with the SetHandler directive:

http://httpd.apache.org/docs/1.3/mod/mod_mime.html#sethandler

    <files swish.cgi>
        SetHandler cgi-script
    </files>

Ok, but if you were following along that "Summary" also says:

    Files that are not in a ScriptAlias directory, but which are of
    type application/x-httpd-cgi by virtue of an AddType directive,
    will still not be executed by the server unless Options ExecCGI is
    enabled.

Ok, so is swish.cgi isn't in a directory that's been marked as
ScriptAlias then we need to manually enable those options.

    <files swish.cgi>
        SetHandler cgi-script
        Options +ExecCGI
    </files>

But what if the files in the directory where swish.cgi is located are
not allowed access?


    <files swish.cgi>
        SetHandler cgi-script
        Options +ExecCGI
        Allow From All
    </files>

Damn, starting to look a lot like what the swish.cgi docs say.

Oh, but what if you want to place that in an .htaccess file?  Well,
then the you need to make sure Apache will allow that, too.  (Apache will
complain if it doesn't).  Then you would read about:

http://httpd.apache.org/docs/1.3/mod/core.html

But what if swish.cgi is not located in the normal document root and
is symlinked?  Well, apache would probably report that it won't follow
symlinks.  Then again:

http://httpd.apache.org/docs/1.3/mod/core.html#options


Did you miss this, too?

> 4) [obligatory top-post and trim posts rants here]



-- 
Bill Moseley
moseley@hank.org

Unsubscribe from or help with the swish-e list: 
   http://swish-e.org/Discussion/

Help with Swish-e:
   http://swish-e.org/current/docs
   swish-e@sunsite.berkeley.edu
Received on Fri Nov 4 06:45:37 2005