You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sl...@apache.org on 2006/08/20 20:11:41 UTC
svn commit: r432998 - in /httpd/httpd/branches/2.2.x/docs/manual/mod:
mod_alias.html.en mod_alias.xml
Author: slive
Date: Sun Aug 20 11:11:40 2006
New Revision: 432998
URL: http://svn.apache.org/viewvc?rev=432998&view=rev
Log:
Backport:
Make it clear that url-path is always case-sensitive.
Provide an example of using a regex to make it case-insensitive.
Make it clear that ScriptAlias is only used when you want
BOTH mapping and script-designation.
Partially in response to the disputed vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4110
Modified:
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.html.en
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.html.en?rev=432998&r1=432997&r2=432998&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.html.en (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.html.en Sun Aug 20 11:11:40 2006
@@ -118,7 +118,9 @@
be stored in the local filesystem other than under the
<code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code>. URLs with a
(%-decoded) path beginning with <var>url-path</var> will be mapped
- to local files beginning with <var>directory-path</var>.</p>
+ to local files beginning with <var>directory-path</var>. The
+ <var>url-path</var> is case-sensitive, even on case-insenitive
+ file systems.</p>
<div class="example"><h3>Example:</h3><p><code>
Alias /image /ftp/pub/image
@@ -184,6 +186,14 @@
AliasMatch ^/icons(.*) /usr/local/apache/icons$1
</code></p></div>
+ <p>It is also possible to construct an alias with case-insensitive
+ matching of the url-path:</p>
+
+ <div class="example"><p><code>
+ AliasMatch (?i)^/image(.*) /ftp/pub/image$1
+ </code></p></div>
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Redirect" id="Redirect">Redirect</a> <a name="redirect" id="redirect">Directive</a></h2>
@@ -200,12 +210,12 @@
<p>The Redirect directive maps an old URL into a new one by asking
the client to refetch the resource at the new location.</p>
- <p>The old <em>URL-path</em> is a (%-decoded) path beginning with
- a slash. A relative path is not allowed. The new <em>URL</em>
- should be an absolute URL beginning with a scheme and hostname,
- but a URL-path beginning with a slash may also be used, in which
- case the scheme and hostname of the current server will be
- added.</p>
+ <p>The old <em>URL-path</em> is a case-sensitive (%-decoded) path
+ beginning with a slash. A relative path is not allowed. The new
+ <em>URL</em> should be an absolute URL beginning with a scheme and
+ hostname, but a URL-path beginning with a slash may also be used,
+ in which case the scheme and hostname of the current server will
+ be added.</p>
<p>Then any request beginning with <em>URL-Path</em> will return a
redirect request to the client at the location of the target
@@ -342,9 +352,9 @@
<p>The <code class="directive">ScriptAlias</code> directive has the same
behavior as the <code class="directive"><a href="#alias">Alias</a></code>
directive, except that in addition it marks the target directory
- as containing CGI scripts that will be processed by <code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>'s cgi-script handler. URLs with a
+ as containing CGI scripts that will be processed by <code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>'s cgi-script handler. URLs with a case-sensitive
(%-decoded) path beginning with <var>URL-path</var> will be mapped
- to scripts beginning with the second argument which is a full
+ to scripts beginning with the second argument, which is a full
pathname in the local filesystem.</p>
<div class="example"><h3>Example:</h3><p><code>
@@ -352,8 +362,34 @@
</code></p></div>
<p>A request for <code>http://myserver/cgi-bin/foo</code> would cause the
- server to run the script <code>/web/cgi-bin/foo</code>.</p>
+ server to run the script <code>/web/cgi-bin/foo</code>. This configuration
+ is essentially equivalent to:</p>
+ <div class="example"><p><code>
+ Alias /cgi-bin/ /web/cgi-bin/<br />
+ <Directory /web/cgi-bin ><br />
+ <span class="indent">
+ SetHandler cgi-script<br />
+ Options +ExecCGI<br />
+ </span>
+ </Directory>
+ </code></p></div>
+ <div class="note">It is safer to avoid placing CGI scripts under the
+ <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> in order to
+ avoid accidentally revealing their source code if the
+ configuration is ever changed. The
+ <code class="directive">ScriptAlias</code> makes this easy by mapping a
+ URL and designating CGI scripts at the same time. If you do
+ choose to place your CGI scripts in a directory already
+ accessible from the web, do not use
+ <code class="directive">ScriptAlias</code>. Instead, use <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>, <code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>, and <code class="directive"><a href="../mod/core.html#options">Options</a></code> as shown in the second example
+ above.</div>
+
+
+<h3>See also</h3>
+<ul>
+<li><a href="../howto/cgi.html">CGI Tutorial</a></li>
+</ul>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ScriptAliasMatch" id="ScriptAliasMatch">ScriptAliasMatch</a> <a name="scriptaliasmatch" id="scriptaliasmatch">Directive</a></h2>
@@ -388,4 +424,4 @@
</div><div id="footer">
<p class="apache">Copyright 2006 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
-</body></html>
\ No newline at end of file
+</body></html>
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml?rev=432998&r1=432997&r2=432998&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml Sun Aug 20 11:11:40 2006
@@ -106,7 +106,9 @@
be stored in the local filesystem other than under the
<directive module="core">DocumentRoot</directive>. URLs with a
(%-decoded) path beginning with <var>url-path</var> will be mapped
- to local files beginning with <var>directory-path</var>.</p>
+ to local files beginning with <var>directory-path</var>. The
+ <var>url-path</var> is case-sensitive, even on case-insenitive
+ file systems.</p>
<example><title>Example:</title>
Alias /image /ftp/pub/image
@@ -175,6 +177,14 @@
<example>
AliasMatch ^/icons(.*) /usr/local/apache/icons$1
</example>
+
+ <p>It is also possible to construct an alias with case-insensitive
+ matching of the url-path:</p>
+
+ <example>
+ AliasMatch (?i)^/image(.*) /ftp/pub/image$1
+ </example>
+
</usage>
</directivesynopsis>
@@ -192,12 +202,12 @@
<p>The Redirect directive maps an old URL into a new one by asking
the client to refetch the resource at the new location.</p>
- <p>The old <em>URL-path</em> is a (%-decoded) path beginning with
- a slash. A relative path is not allowed. The new <em>URL</em>
- should be an absolute URL beginning with a scheme and hostname,
- but a URL-path beginning with a slash may also be used, in which
- case the scheme and hostname of the current server will be
- added.</p>
+ <p>The old <em>URL-path</em> is a case-sensitive (%-decoded) path
+ beginning with a slash. A relative path is not allowed. The new
+ <em>URL</em> should be an absolute URL beginning with a scheme and
+ hostname, but a URL-path beginning with a slash may also be used,
+ in which case the scheme and hostname of the current server will
+ be added.</p>
<p>Then any request beginning with <em>URL-Path</em> will return a
redirect request to the client at the location of the target
@@ -337,9 +347,9 @@
behavior as the <directive module="mod_alias">Alias</directive>
directive, except that in addition it marks the target directory
as containing CGI scripts that will be processed by <module
- >mod_cgi</module>'s cgi-script handler. URLs with a
+ >mod_cgi</module>'s cgi-script handler. URLs with a case-sensitive
(%-decoded) path beginning with <var>URL-path</var> will be mapped
- to scripts beginning with the second argument which is a full
+ to scripts beginning with the second argument, which is a full
pathname in the local filesystem.</p>
<example><title>Example:</title>
@@ -347,8 +357,34 @@
</example>
<p>A request for <code>http://myserver/cgi-bin/foo</code> would cause the
- server to run the script <code>/web/cgi-bin/foo</code>.</p>
+ server to run the script <code>/web/cgi-bin/foo</code>. This configuration
+ is essentially equivalent to:</p>
+ <example>
+ Alias /cgi-bin/ /web/cgi-bin/<br />
+ <Directory /web/cgi-bin ><br />
+ <indent>
+ SetHandler cgi-script<br />
+ Options +ExecCGI<br />
+ </indent>
+ </Directory>
+ </example>
+
+ <note>It is safer to avoid placing CGI scripts under the
+ <directive module="core">DocumentRoot</directive> in order to
+ avoid accidentally revealing their source code if the
+ configuration is ever changed. The
+ <directive>ScriptAlias</directive> makes this easy by mapping a
+ URL and designating CGI scripts at the same time. If you do
+ choose to place your CGI scripts in a directory already
+ accessible from the web, do not use
+ <directive>ScriptAlias</directive>. Instead, use <directive
+ module="core" type="section">Directory</directive>, <directive
+ module="core">SetHandler</directive>, and <directive
+ module="core">Options</directive> as shown in the second example
+ above.</note>
+
</usage>
+<seealso><a href="../howto/cgi.html">CGI Tutorial</a></seealso>
</directivesynopsis>
<directivesynopsis>