Apache: .htaccess & cgi scripts

Apache: .htaccess & cgi scripts

Post by Aaron Turne » Wed, 24 Dec 1997 04:00:00

I'm trying to setup a directory in Apache (1.1.3 on RedHat Linux) so
that I can control access to certain directories via IP address and
other's via a username/password.  So far I've got it all working execpt
for one part.  Here's what I've got so far:

/home/httpd/cgi-bin  <--IP protected
/home/httpd/html     <--IP protected
/home/httpd/html/page/  <--username/password protected

What I need is to get a cgi script to exectute off of
/home/httpd/html/page/  (so that it is password protected)

I've got the following in my access.conf:

<Directory /home/httpd/html/page>
Options FollowSymLinks ExecCGI
AllowOverride AuthConfig
order deny,allow
allow from all

but when I have a form that does a GET on a cgi script in the directory
it fails.  If I put the cgi script in the /home/httpd/cgi-bin it works,
but is only accessable to certain IP's (which doesn't work, 'cuz we've
got a number of scripts that need to be protected via IP lookup.)

I've tried using symlinks (both ways) but that doesn't work.

What am I doing wrong?


Please cc: me in any replies to the newsgroup.


Network Engineer                         |  Voice: 415.237.0311 x252
Vicinity Corp.  http://www.vicinity.com  |  Fax:   415.237.0305


1. Apache executing cgi-scripts inside .htaccess protected directories


Is it possible to execute cgi scripts in .htaccess protected directories,
and to have these scripts call other scripts in the same directory?

I'm using CGI scripts to generate forms. The scripts are located in
directories protected by a .htaccess mechanism. The action for the first
form (lets call it foo.cgi) is a second cgi script (let's call it test.cgi).

Let's say that foo.cgi (written in tcl) has something like.

puts "Content-type: text/html\n"
puts "<Head>"
puts "</head>"
puts "<BODY >"
puts "<FORM ENCTYPE=\"multipart/form-data\" NAME = form_er METHOD=POST
puts "<H3>File Information</H3>"
puts ""
puts "CAD System  :<SELECT NAME=\"cadsrc\"> "
puts "            <OPTION> Pro/Engineer"
puts "            </SELECT> <P>"
puts "<input type = submit value = \" Send \">     <INPUT TYPE=reset
VALUE=\" Clear Entries \">"
puts "</FORM>"

Assuming that all test.cgi does is print out the environment variables.

puts "Content-type: text/html\n"
puts "<HTML>"
puts "<HEAD>"
puts "<TITLE>User  has been registered</TITLE>"
puts "</HEAD>"
puts "<BODY >"
foreach name [array names env] {
      puts "$name is  $env($name) <br>"
puts "</BODY>"
puts "</HTML>"

The problem I'm having is that having authenticated properly to foo.cgi,
the authentication is not recognized when I "submit" the action (and
try to execute test.cgi). If I place test.cgi in an unprotected directory,
I have no problem completing the action from foo.cgi. BUT, I no longer
have the REMOTE_USER environment variable properly set (which I
need for my application). I have no problem executing test.cgi directly
(i.e., opening http://my.www.server/test.cgi)....I simply authenticate
and the REMOTE_USER variable is set and echoed back to me.
All of this is with Apache 1.0.2.

Any help with this matter would be appreciated.

2. Sound VIBRA16 problem with CDs

3. apache: CGI-scripts using PATH_TRANSLATED, .htaccess

4. WWW server cgi facility not working (HELP)

5. Apache, htaccess & cgi

6. FreeBSD 2.1.7 FTP Install Problem

7. .htaccess for Apache & cgi generated forms

8. Redhat 8 startx issue with .xinitrc

9. Apache && CGI && uid || back to cern?

10. apache: give /home/mailman/cgi-bin permissions to run cgi-scripts.

11. apache: cgi script not in cgi-bin

12. Using .cgi/.pl to enable CGI script in Apache

13. Apache 1.2.1 & CGI scripts