You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Brian Behlendorf <br...@organic.com> on 1996/11/03 23:17:38 UTC

Re: An old chestnut?

On Thu, 31 Oct 1996, Ben Laurie wrote:
> I'm sure this has come up before but I can't remember why you can't enable
> exec cgi in an SSI without enabling exec cmd (I admit, I haven't tried it, but
> there's a lot of talk about it on www-security, and this is what the code seems
> to say).

Actually, it should be added to the FAQ (one of a long list of things in my
apache-docs to-do mbox :)

Use <!--#include virtual="script.cgi" --> to run CGI's when the IncludesNoExec
option is set.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS