[users@httpd] Disallow script execution in directory

[Oliver Betz <li...@gmx.net>]

Hi,

since there are many ways to configure script interpreters, I'm
looking for a safe and universal way to disallow execution of scripts
in certain directories, i.e. directories where CMS users can upload
files.

I found two settings:

"Options -ExecCGI" - seems to be effective in usual virtual hosting
environments but doesn't help for languages running as module.

"SetHandler default-handler" works also for script languages running
as module.

I'm afraid I overlooked something, could you please rate the options
mentioned above or point me to even better solutions?

I would also like to learn why "SetHandler None" documented in
http://httpd.apache.org/docs/current/mod/core.html#sethandler didn't
make any difference in my experiments.

Thanks in advance,

Oliver
-- 
Oliver Betz, Munich http://oliverbetz.de/


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Re: Disallow script execution in directory

[Oliver Betz <li...@gmx.net>]

Hello,

was my question inappropriate for this group? Please tell me a better
place in this case.

Thanks in advance,

Oliver
-- 
Oliver Betz, Munich http://oliverbetz.de/


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org