is essentially equivalent to:</p>
<div class="example"><p><code>
Alias /cgi-bin/ /web/cgi-bin/<br />
- <Directory /web/cgi-bin ><br />
+ <Location /cgi-bin ><br />
<span class="indent">
SetHandler cgi-script<br />
Options +ExecCGI<br />
</span>
- </Directory>
+ </Location>
</code></p></div>
- <div class="note">It is safer to avoid placing CGI scripts under the
+ <div class="warning">It is safer to avoid placing CGI scripts under the
<code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> in order to
avoid accidentally revealing their source code if the
configuration is ever changed. The
URL and designating CGI scripts at the same time. If you do
choose to place your CGI scripts in a directory already
accessible from the web, do not use
- <code class="directive">ScriptAlias</code>. Instead, use <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>, <code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>, and <code class="directive"><a href="../mod/core.html#options">Options</a></code> as shown in the second example
- above.</div>
+ <code class="directive">ScriptAlias</code>. Instead, use <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>, <code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>, and <code class="directive"><a href="../mod/core.html#options">Options</a></code> as in:
+ <div class="example"><p><code>
+ <Directory /usr/local/apache2/htdocs/cgi-bin ><br />
+ <span class="indent">
+ SetHandler cgi-script<br />
+ Options ExecCGI<br />
+ </span>
+ </Directory>
+ </code></p></div>
+ This is necessary since multiple <var>URL-paths</var> can map
+ to the same filesystem location, potentially bypassing the
+ <code class="directive">ScriptAlias</code> and revealing the source code
+ of the CGI scripts if they are not restricted by a
+ <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> section.</div>
<h3>See also</h3>
</div><div id="footer">
<p class="apache">Copyright 1995-2005 The Apache Software Foundation or its licensors, as applicable.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
-</body></html>
\ No newline at end of file
+</body></html>
is essentially equivalent to:</p>
<example>
Alias /cgi-bin/ /web/cgi-bin/<br />
- <Directory /web/cgi-bin ><br />
+ <Location /cgi-bin ><br />
<indent>
SetHandler cgi-script<br />
Options +ExecCGI<br />
</indent>
- </Directory>
+ </Location>
</example>
- <note>It is safer to avoid placing CGI scripts under the
+ <note type="warning">It is safer to avoid placing CGI scripts under the
<directive module="core">DocumentRoot</directive> in order to
avoid accidentally revealing their source code if the
configuration is ever changed. The
<directive>ScriptAlias</directive>. Instead, use <directive
module="core" type="section">Directory</directive>, <directive
module="core">SetHandler</directive>, and <directive
- module="core">Options</directive> as shown in the second example
- above.</note>
+ module="core">Options</directive> as in:
+ <example>
+ <Directory /usr/local/apache2/htdocs/cgi-bin ><br />
+ <indent>
+ SetHandler cgi-script<br />
+ Options ExecCGI<br />
+ </indent>
+ </Directory>
+ </example>
+ This is necessary since multiple <var>URL-paths</var> can map
+ to the same filesystem location, potentially bypassing the
+ <directive>ScriptAlias</directive> and revealing the source code
+ of the CGI scripts if they are not restricted by a
+ <directive module="core">Directory</directive> section.</note>
</usage>
<seealso><a href="../howto/cgi.html">CGI Tutorial</a></seealso>
projects / thirdparty / apache / httpd.git / commitdiff
