You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Dave Howorth <dh...@mrc-lmb.cam.ac.uk> on 2009/07/21 12:14:34 UTC

[users@httpd] whatever.cgi.html

I have a problem with a legacy server - Apache 1.3. The content of the
site has CGI scripts scattered around so it has a directive (showing
just relevant bits):

<Directory /toplevel>
    Options ExecCGI
</Directory>

and it has:

AddHandler cgi-script .cgi

Unfortunately, it also has some static content files with names like:

/toplevel/data/whatever.cgi.html

Until just now, I didn't know that Apache parsed multiple filename
extensions and I guess whoever chose the naming convention for these
static files didn't either :(  The result is that these files resulted
in 500 internal server errors being returned to the users, because
Apache tried to interpret them as CGI scripts.

To fix it, I tried adding:

<Directory /toplevel/data>
    Options -ExecCGI
</Directory>

but that just changed the error message to 403 Forbidden, which I guess
means it is still parsing the filename extension in that directory and
then refusing to execute it.

Is there some way to tell it that all the files in /toplevel/data/ are
just to be served as static HTML?

I've looked at the FAQ and tried to search but it's an awkard question
to search for. And as you'll have gathered, I'm not an Apache expert!

Thanks, Dave

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] whatever.cgi.html

Posted by Dave Howorth <dh...@mrc-lmb.cam.ac.uk>.

André Warnier wrote:
> .. a Very Bad Idea
> .. compounded

No disagreement from me :)

> You could try this :
> 
>> <Directory /toplevel/data>
>>     Options -ExecCGI
>> </Directory>
> 
> but add
> 
> <Files ~ "\.cgi$">
>  SetHandler cgi-script
> </Files>
> 
> (That's assuming that all the legitimate cgi scripts do end in ".cgi",
> and it may also have security implications. Consider this as a "rough
> draft, quick and dirty" solution.)
> 
> Other than that, there might be other ways involving SetEnvIf or
> RewriteCond/RewriteRule.

Thanks for this. While I was waiting, I discovered RemoveHandler and I
found this worked:

<Directory /toplevel/data>
    Options       -ExecCGI
    RemoveHandler .cgi
</Directory>

Hopefully that fixes the immediate problem. I'll look at what
rearrangement of scripts might be possible.

Thanks again,
Dave

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] whatever.cgi.html

Posted by André Warnier <aw...@ice-sa.com>.

Dave Howorth wrote:
> I have a problem with a legacy server - Apache 1.3. The content of the
> site has CGI scripts scattered around so it has a directive (showing
> just relevant bits):
> 
> <Directory /toplevel>
>     Options ExecCGI
> </Directory>

.. a Very Bad Idea

> 
> and it has:
> 
> AddHandler cgi-script .cgi
> 
> Unfortunately, it also has some static content files with names like:
> 
> /toplevel/data/whatever.cgi.html

.. compounded

> 
> Until just now, I didn't know that Apache parsed multiple filename
> extensions and I guess whoever chose the naming convention for these
> static files didn't either :(  The result is that these files resulted
> in 500 internal server errors being returned to the users, because
> Apache tried to interpret them as CGI scripts.
> 
> To fix it, I tried adding:
> 
> <Directory /toplevel/data>
>     Options -ExecCGI
> </Directory>
> 

Clever, that..

> but that just changed the error message to 403 Forbidden, which I guess
> means it is still parsing the filename extension in that directory and
> then refusing to execute it.

Yep. :-)

> 
> Is there some way to tell it that all the files in /toplevel/data/ are
> just to be served as static HTML?
> 
> I've looked at the FAQ and tried to search but it's an awkard question
> to search for. And as you'll have gathered, I'm not an Apache expert!
> 
That deserves an answer, but it may not be so simple.
As you have already guessed, that basic setup ..sucks.
The real good solution would be to gather all these cgi scripts into one 
single directory, and then set only that one up with ExecCGI.
But that would probably break half the site, no ?

You could try this :

 > <Directory /toplevel/data>
 >     Options -ExecCGI
 > </Directory>

but add

<Files ~ "\.cgi$">
  SetHandler cgi-script
</Files>

(That's assuming that all the legitimate cgi scripts do end in ".cgi", 
and it may also have security implications. Consider this as a "rough 
draft, quick and dirty" solution.)

Other than that, there might be other ways involving SetEnvIf or 
RewriteCond/RewriteRule.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org