You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Jon Ryder <jo...@yahoo.co.uk> on 2003/07/08 03:56:05 UTC

[users@httpd] Can a miss-configuration leak source code?

Hi,

My Apache server is running happily and everything is
working fine.  In order to use Perl/CGI scripts, I
have uploaded all the scripts into a /cgi-bin/ and
then used the ScriptAlias directive.  Also I have used
the following.

<IfModule mod_mime.c>
AddHandler cgi-script .cgi .pl
</IfModule>

I am worried I may one day make a small mistake,
without noticing, which will leak the source code to
the browser, say if I mapped a DocumentRoot to the
cgi-bin by mistake?  But as I am using AddHandler
cgi-script I take it, Apache will execute all .pl/.cgi
(in my case above) whatever directory they are in, or
whatever permission the files may have?

Is the AddHandler on a per server directive or can it
be changed per VirtualHost?

Jon.

________________________________________________________________________
Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org