You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sl...@apache.org on 2006/08/20 21:47:20 UTC
svn commit: r433023 - in /httpd/httpd/branches/2.0.x/docs/manual/mod:
mod_alias.html.en mod_alias.xml
Author: slive
Date: Sun Aug 20 12:47:19 2006
New Revision: 433023
URL: http://svn.apache.org/viewvc?rev=433023&view=rev
Log:
Backport:
My last effort was a little too succinct and not quite precise
enough. Try being more explicit.
This does leave the danger that people will clip the <Location>
example as the proper way to do things, when they should be
reading on to the <Directory> example. The <Location> example
is only correct when used in conjunction with Alias.
Modified:
httpd/httpd/branches/2.0.x/docs/manual/mod/mod_alias.html.en
httpd/httpd/branches/2.0.x/docs/manual/mod/mod_alias.xml
Modified: httpd/httpd/branches/2.0.x/docs/manual/mod/mod_alias.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/docs/manual/mod/mod_alias.html.en?rev=433023&r1=433022&r2=433023&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/docs/manual/mod/mod_alias.html.en (original)
+++ httpd/httpd/branches/2.0.x/docs/manual/mod/mod_alias.html.en Sun Aug 20 12:47:19 2006
@@ -355,15 +355,15 @@
is essentially equivalent to:</p>
<div class="example"><p><code>
Alias /cgi-bin/ /web/cgi-bin/<br />
- <Directory /web/cgi-bin ><br />
+ <Location /cgi-bin ><br />
<span class="indent">
SetHandler cgi-script<br />
Options +ExecCGI<br />
</span>
- </Directory>
+ </Location>
</code></p></div>
- <div class="note">It is safer to avoid placing CGI scripts under the
+ <div class="warning">It is safer to avoid placing CGI scripts under the
<code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> in order to
avoid accidentally revealing their source code if the
configuration is ever changed. The
@@ -371,8 +371,20 @@
URL and designating CGI scripts at the same time. If you do
choose to place your CGI scripts in a directory already
accessible from the web, do not use
- <code class="directive">ScriptAlias</code>. Instead, use <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>, <code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>, and <code class="directive"><a href="../mod/core.html#options">Options</a></code> as shown in the second example
- above.</div>
+ <code class="directive">ScriptAlias</code>. Instead, use <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>, <code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>, and <code class="directive"><a href="../mod/core.html#options">Options</a></code> as in:
+ <div class="example"><p><code>
+ <Directory /usr/local/apache2/htdocs/cgi-bin ><br />
+ <span class="indent">
+ SetHandler cgi-script<br />
+ Options ExecCGI<br />
+ </span>
+ </Directory>
+ </code></p></div>
+ This is necessary since multiple <var>URL-paths</var> can map
+ to the same filesystem location, potentially bypassing the
+ <code class="directive">ScriptAlias</code> and revealing the source code
+ of the CGI scripts if they are not restricted by a
+ <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> section.</div>
<h3>See also</h3>
@@ -412,4 +424,4 @@
</div><div id="footer">
<p class="apache">Copyright 1995-2005 The Apache Software Foundation or its licensors, as applicable.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
-</body></html>
\ No newline at end of file
+</body></html>
Modified: httpd/httpd/branches/2.0.x/docs/manual/mod/mod_alias.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/docs/manual/mod/mod_alias.xml?rev=433023&r1=433022&r2=433023&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/docs/manual/mod/mod_alias.xml (original)
+++ httpd/httpd/branches/2.0.x/docs/manual/mod/mod_alias.xml Sun Aug 20 12:47:19 2006
@@ -348,15 +348,15 @@
is essentially equivalent to:</p>
<example>
Alias /cgi-bin/ /web/cgi-bin/<br />
- <Directory /web/cgi-bin ><br />
+ <Location /cgi-bin ><br />
<indent>
SetHandler cgi-script<br />
Options +ExecCGI<br />
</indent>
- </Directory>
+ </Location>
</example>
- <note>It is safer to avoid placing CGI scripts under the
+ <note type="warning">It is safer to avoid placing CGI scripts under the
<directive module="core">DocumentRoot</directive> in order to
avoid accidentally revealing their source code if the
configuration is ever changed. The
@@ -367,8 +367,20 @@
<directive>ScriptAlias</directive>. Instead, use <directive
module="core" type="section">Directory</directive>, <directive
module="core">SetHandler</directive>, and <directive
- module="core">Options</directive> as shown in the second example
- above.</note>
+ module="core">Options</directive> as in:
+ <example>
+ <Directory /usr/local/apache2/htdocs/cgi-bin ><br />
+ <indent>
+ SetHandler cgi-script<br />
+ Options ExecCGI<br />
+ </indent>
+ </Directory>
+ </example>
+ This is necessary since multiple <var>URL-paths</var> can map
+ to the same filesystem location, potentially bypassing the
+ <directive>ScriptAlias</directive> and revealing the source code
+ of the CGI scripts if they are not restricted by a
+ <directive module="core">Directory</directive> section.</note>
</usage>
<seealso><a href="../howto/cgi.html">CGI Tutorial</a></seealso>