You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Matus \"fantomas\" Uhlar" <uh...@fantomas.sk> on 2002/07/10 19:06:11 UTC
Re: [Apache] script alias
-> How do I make a script alias so that I can do this:
->
-> pull up mydomain.com/script.cgi
-> when its actually located
-> in mydomain.com/cgi-bin/script.cgi
why?
--
Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I don't wish to receive spam to this address.
Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [Apache] script alias
Posted by "Korey G." <ko...@awpg.com>.
One major advantage is that
"..mod_rewrite is voodoo. Damned cool voodoo, but still voodoo.."
-Brian Moore
At 13:04 7/10/02 -0500, you wrote:
>I'm interested in your comment. I'm thinking like a unix programmer. . .
>A symlink at the OS level seems more efficient than adding a logic instruction
>to a HLL program, i.e., the httpd server. In other words, the httpd has
>to go
>through some if-then-else gyrations that are otherwise implicit at the OS
>level;
>therefore, why not use a symbolic link? Additionally, you can set (i.e.,
>chmod)
>permissions at the file level, rather than deal with the httpd allow/deny
>scenario,
>granted that there may be some message handlling advantages that I'm not
>taking into consideration.
>
>Ron W.
>>----- Original Message -----
>>From: <ma...@awpg.com>Korey G.
>>To: <ma...@httpd.apache.org>users@httpd.apache.org
>>Sent: Wednesday, July 10, 2002 3:45 PM
>>Subject: Re: [Apache] script alias
>>
>>no, because httpd.conf is tha bomb!
>>symbolic linkage is a cop out
>>
>>At 12:41 7/10/02 -0500, you wrote:
>> >Perhaps, create a symbolic link (assuming that you're runing on unix) to
>> >the abbreviated spelling?
>> >(. . .rather than deal with script aliases.)
>> >>----- Original Message -----
>> >>From: <<m...@swift-web.com>Jason
>> >>To:
>> <<m...@httpd.apache.org>users@httpd.apache.org
>> >>Sent: Wednesday, July 10, 2002 12:22 PM
>> >>Subject: RE: [Apache] script alias
>> >>
>> >> > -> How do I make a script alias so that I can do this:
>> >> > ->
>> >> > -> pull up mydomain.com/script.cgi
>> >> > -> when its actually located
>> >> > -> in mydomain.com/cgi-bin/script.cgi
>> >> >
>> >> > why?
>> >>
>> >>I wondered the same thing only reducing it a bit further than the above
>> >>example. My reasons were to shorten
>> >>domain.com/cgi-bin/webmailprogram.cgi
>> >>to
>> >>domain.com/webmail
>> >>
>> >>Is that possible and if so does it open up major security issues?
>> >>-Jay
>> >>
>> >>
>> >>
>> >>---------------------------------------------------------------------
>> >>To unsubscribe, e-mail:
>> >><<m...@httpd.apache.org>mailto:users-unsubscribe@ht
>> tpd.apache.org><ma...@httpd.apache.org>users-unsubscribe@httpd.apache.org
>> >>For additional commands, e-mail:
>> >><<m...@httpd.apache.org>mailto:users-help@httpd.apache.org
>> ><ma...@httpd.apache.org>users-help@httpd.apache.org
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail:
>><ma...@httpd.apache.org>users-unsubscribe@httpd.apache.org
>>For additional commands, e-mail:
>><ma...@httpd.apache.org>users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [Apache] script alias
Posted by "Korey G." <ko...@awpg.com>.
I take it back,
Apache wont allow script processing through sim links,
-Security Concerns
--Snip--
It is also possible, in very rare conditions, for this to
to be used to bypass htaccess files restricting access to
a directory or file. The only case where this can happen
is if the attacker can form a request that results in the
full path to the htaccess file being too long (on most
systems, meaning over 1024 characters) yet the request for
the protected file in the same directory is not too long.
The only normal case where such an attack could be possible
is if there is a symbolic link such as "somedir -> ."
created in the document tree.
-- http://httpd.apache.org/info/security_bulletin_1.2.5.html
--Snip--
At 14:17 7/10/02 -0700, you wrote:
>But I see your point,
> it would be interesting to run some benchmarks on the theory,
>I'll keep you updated,
>-Korey
>
>
>At 13:04 7/10/02 -0500, you wrote:
>>I'm interested in your comment. I'm thinking like a unix programmer. . .
>>A symlink at the OS level seems more efficient than adding a logic
>>instruction
>>to a HLL program, i.e., the httpd server. In other words, the httpd has
>>to go
>>through some if-then-else gyrations that are otherwise implicit at the OS
>>level;
>>therefore, why not use a symbolic link? Additionally, you can set (i.e.,
>>chmod)
>>permissions at the file level, rather than deal with the httpd allow/deny
>>scenario,
>>granted that there may be some message handlling advantages that I'm not
>>taking into consideration.
>>
>>Ron W.
>>>----- Original Message -----
>>>From: <ma...@awpg.com>Korey G.
>>>To: <ma...@httpd.apache.org>users@httpd.apache.org
>>>Sent: Wednesday, July 10, 2002 3:45 PM
>>>Subject: Re: [Apache] script alias
>>>
>>>no, because httpd.conf is tha bomb!
>>>symbolic linkage is a cop out
>>>
>>>At 12:41 7/10/02 -0500, you wrote:
>>> >Perhaps, create a symbolic link (assuming that you're runing on unix) to
>>> >the abbreviated spelling?
>>> >(. . .rather than deal with script aliases.)
>>> >>----- Original Message -----
>>> >>From: <<m...@swift-web.com>Jason
>>> >>To:
>>> <<m...@httpd.apache.org>users@httpd.apache.org
>>> >>Sent: Wednesday, July 10, 2002 12:22 PM
>>> >>Subject: RE: [Apache] script alias
>>> >>
>>> >> > -> How do I make a script alias so that I can do this:
>>> >> > ->
>>> >> > -> pull up mydomain.com/script.cgi
>>> >> > -> when its actually located
>>> >> > -> in mydomain.com/cgi-bin/script.cgi
>>> >> >
>>> >> > why?
>>> >>
>>> >>I wondered the same thing only reducing it a bit further than the above
>>> >>example. My reasons were to shorten
>>> >>domain.com/cgi-bin/webmailprogram.cgi
>>> >>to
>>> >>domain.com/webmail
>>> >>
>>> >>Is that possible and if so does it open up major security issues?
>>> >>-Jay
>>> >>
>>> >>
>>> >>
>>> >>---------------------------------------------------------------------
>>> >>To unsubscribe, e-mail:
>>> >><<m...@httpd.apache.org>mailto:users-unsubscribe@h
>>> t
>>> tpd.apache.org><ma...@httpd.apache.org>users-unsubscribe@httpd.apache.org
>>> >>For additional commands, e-mail:
>>> >><<m...@httpd.apache.org>mailto:users-help@httpd.apache.or
>>> g ><ma...@httpd.apache.org>users-help@httpd.apache.org
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail:
>>><ma...@httpd.apache.org>users-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail:
>>><ma...@httpd.apache.org>users-help@httpd.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [Apache] script alias
Posted by "Korey G." <ko...@awpg.com>.
But I see your point,
it would be interesting to run some benchmarks on the theory,
I'll keep you updated,
-Korey
At 13:04 7/10/02 -0500, you wrote:
>I'm interested in your comment. I'm thinking like a unix programmer. . .
>A symlink at the OS level seems more efficient than adding a logic instruction
>to a HLL program, i.e., the httpd server. In other words, the httpd has
>to go
>through some if-then-else gyrations that are otherwise implicit at the OS
>level;
>therefore, why not use a symbolic link? Additionally, you can set (i.e.,
>chmod)
>permissions at the file level, rather than deal with the httpd allow/deny
>scenario,
>granted that there may be some message handlling advantages that I'm not
>taking into consideration.
>
>Ron W.
>>----- Original Message -----
>>From: <ma...@awpg.com>Korey G.
>>To: <ma...@httpd.apache.org>users@httpd.apache.org
>>Sent: Wednesday, July 10, 2002 3:45 PM
>>Subject: Re: [Apache] script alias
>>
>>no, because httpd.conf is tha bomb!
>>symbolic linkage is a cop out
>>
>>At 12:41 7/10/02 -0500, you wrote:
>> >Perhaps, create a symbolic link (assuming that you're runing on unix) to
>> >the abbreviated spelling?
>> >(. . .rather than deal with script aliases.)
>> >>----- Original Message -----
>> >>From: <<m...@swift-web.com>Jason
>> >>To:
>> <<m...@httpd.apache.org>users@httpd.apache.org
>> >>Sent: Wednesday, July 10, 2002 12:22 PM
>> >>Subject: RE: [Apache] script alias
>> >>
>> >> > -> How do I make a script alias so that I can do this:
>> >> > ->
>> >> > -> pull up mydomain.com/script.cgi
>> >> > -> when its actually located
>> >> > -> in mydomain.com/cgi-bin/script.cgi
>> >> >
>> >> > why?
>> >>
>> >>I wondered the same thing only reducing it a bit further than the above
>> >>example. My reasons were to shorten
>> >>domain.com/cgi-bin/webmailprogram.cgi
>> >>to
>> >>domain.com/webmail
>> >>
>> >>Is that possible and if so does it open up major security issues?
>> >>-Jay
>> >>
>> >>
>> >>
>> >>---------------------------------------------------------------------
>> >>To unsubscribe, e-mail:
>> >><<m...@httpd.apache.org>mailto:users-unsubscribe@ht
>> tpd.apache.org><ma...@httpd.apache.org>users-unsubscribe@httpd.apache.org
>> >>For additional commands, e-mail:
>> >><<m...@httpd.apache.org>mailto:users-help@httpd.apache.org
>> ><ma...@httpd.apache.org>users-help@httpd.apache.org
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail:
>><ma...@httpd.apache.org>users-unsubscribe@httpd.apache.org
>>For additional commands, e-mail:
>><ma...@httpd.apache.org>users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [Apache] script alias
Posted by Ron Wingfield <rt...@archaxis.net>.
I'm interested in your comment. I'm thinking like a unix programmer. . .
A symlink at the OS level seems more efficient than adding a logic instruction
to a HLL program, i.e., the httpd server. In other words, the httpd has to go
through some if-then-else gyrations that are otherwise implicit at the OS level;
therefore, why not use a symbolic link? Additionally, you can set (i.e., chmod)
permissions at the file level, rather than deal with the httpd allow/deny scenario,
granted that there may be some message handlling advantages that I'm not
taking into consideration.
Ron W.
----- Original Message -----
From: Korey G.
To: users@httpd.apache.org
Sent: Wednesday, July 10, 2002 3:45 PM
Subject: Re: [Apache] script alias
no, because httpd.conf is tha bomb!
symbolic linkage is a cop out
At 12:41 7/10/02 -0500, you wrote:
>Perhaps, create a symbolic link (assuming that you're runing on unix) to
>the abbreviated spelling?
>(. . .rather than deal with script aliases.)
>>----- Original Message -----
>>From: <ma...@swift-web.com>Jason
>>To: <ma...@httpd.apache.org>users@httpd.apache.org
>>Sent: Wednesday, July 10, 2002 12:22 PM
>>Subject: RE: [Apache] script alias
>>
>> > -> How do I make a script alias so that I can do this:
>> > ->
>> > -> pull up mydomain.com/script.cgi
>> > -> when its actually located
>> > -> in mydomain.com/cgi-bin/script.cgi
>> >
>> > why?
>>
>>I wondered the same thing only reducing it a bit further than the above
>>example. My reasons were to shorten
>>domain.com/cgi-bin/webmailprogram.cgi
>>to
>>domain.com/webmail
>>
>>Is that possible and if so does it open up major security issues?
>>-Jay
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail:
>><ma...@httpd.apache.org>users-unsubscribe@httpd.apache.org
>>For additional commands, e-mail:
>><ma...@httpd.apache.org>users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [Apache] script alias
Posted by Robert Andersson <ro...@profundis.nu>.
Look up ScriptAliasMatch:
http://httpd.apache.org/docs-2.0/mod/mod_alias.html#scriptaliasmatch
Does it do the trick?
Regards,
Robert Andersson
----- Original Message -----
From: "Jason" <ap...@swift-web.com>
To: <us...@httpd.apache.org>
Sent: Wednesday, July 10, 2002 7:57 PM
Subject: RE: [Apache] script alias
> > no, because httpd.conf is tha bomb!
> > symbolic linkage is a cop out
>
> So how does one make a configuration in httpd.conf to do an alias for
this.
> I tried the standard alias stuff and it didn't work but I'm guessing it's
> because it was for a file in a cgi-bin and other things needed to be
> altered.
>
> Any suggestions of what I should look for?
>
> Jay
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [Apache] script alias
Posted by Jason <ap...@swift-web.com>.
> no, because httpd.conf is tha bomb!
> symbolic linkage is a cop out
So how does one make a configuration in httpd.conf to do an alias for this.
I tried the standard alias stuff and it didn't work but I'm guessing it's
because it was for a file in a cgi-bin and other things needed to be
altered.
Any suggestions of what I should look for?
Jay
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [Apache] script alias
Posted by "Korey G." <ko...@awpg.com>.
no, because httpd.conf is tha bomb!
symbolic linkage is a cop out
At 12:41 7/10/02 -0500, you wrote:
>Perhaps, create a symbolic link (assuming that you're runing on unix) to
>the abbreviated spelling?
>(. . .rather than deal with script aliases.)
>>----- Original Message -----
>>From: <ma...@swift-web.com>Jason
>>To: <ma...@httpd.apache.org>users@httpd.apache.org
>>Sent: Wednesday, July 10, 2002 12:22 PM
>>Subject: RE: [Apache] script alias
>>
>> > -> How do I make a script alias so that I can do this:
>> > ->
>> > -> pull up mydomain.com/script.cgi
>> > -> when its actually located
>> > -> in mydomain.com/cgi-bin/script.cgi
>> >
>> > why?
>>
>>I wondered the same thing only reducing it a bit further than the above
>>example. My reasons were to shorten
>>domain.com/cgi-bin/webmailprogram.cgi
>>to
>>domain.com/webmail
>>
>>Is that possible and if so does it open up major security issues?
>>-Jay
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail:
>><ma...@httpd.apache.org>users-unsubscribe@httpd.apache.org
>>For additional commands, e-mail:
>><ma...@httpd.apache.org>users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [Apache] script alias
Posted by Ron Wingfield <rt...@archaxis.net>.
Perhaps, create a symbolic link (assuming that you're runing on unix) to the abbreviated spelling?
(. . .rather than deal with script aliases.)
----- Original Message -----
From: Jason
To: users@httpd.apache.org
Sent: Wednesday, July 10, 2002 12:22 PM
Subject: RE: [Apache] script alias
> -> How do I make a script alias so that I can do this:
> ->
> -> pull up mydomain.com/script.cgi
> -> when its actually located
> -> in mydomain.com/cgi-bin/script.cgi
>
> why?
I wondered the same thing only reducing it a bit further than the above
example. My reasons were to shorten
domain.com/cgi-bin/webmailprogram.cgi
to
domain.com/webmail
Is that possible and if so does it open up major security issues?
-Jay
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [Apache] script alias
Posted by Jason <ap...@swift-web.com>.
> -> How do I make a script alias so that I can do this:
> ->
> -> pull up mydomain.com/script.cgi
> -> when its actually located
> -> in mydomain.com/cgi-bin/script.cgi
>
> why?
I wondered the same thing only reducing it a bit further than the above
example. My reasons were to shorten
domain.com/cgi-bin/webmailprogram.cgi
to
domain.com/webmail
Is that possible and if so does it open up major security issues?
-Jay
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [Apache] script alias
Posted by "Korey G." <ko...@awpg.com>.
Well thats besides the point,
you can have many reasons to do that.
Linkage wise or whatever
At 19:06 7/10/02 +0200, you wrote:
>-> How do I make a script alias so that I can do this:
>->
>-> pull up mydomain.com/script.cgi
>-> when its actually located
>-> in mydomain.com/cgi-bin/script.cgi
>
>why?
>
>--
> Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I don't wish to receive spam to this address.
> Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu.
> LSD will make your ECS screen display 16.7 million colors
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org