apache: CGI-scripts using PATH_TRANSLATED, .htaccess

Post by D. Roc » Tue, 10 Mar 1998 04:00:00



Hi,

Is it possible to configure Apache so that it is not possible to access
a protected area (with .htaccess) via CGI scripts which use the PATH_TRANSLATED
variable to access certain documents?

Example:
I have a directory called /protected with limited access. If I access this
directory with the system wide installed cgi-script
/cgi-bin/w3-msql/protected/index.html
I receive the page regardless of the contents in .htaccess. Since the page
contains no special w3-msql tags, I receive this page completely uninterpreted,
even images or other weird documents can be accessed this way! If links are
relative, I can simply browse a complete protected hierarchy (sometimes I
have to manually append an "index.html", but that's all).

An error is logged in error_log, though:
[Mon Mar  9 02:40:12 1998] [error] Client denied by server configuration: /usr/www/docs/protected/index.html

How can I stop Apache from allowing such transfers?

Thanks,
Daniel
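
One way to detect the behaviour described in the post above from the server logs, as an added example that is not part of the original post: it pairs each "Client denied by server configuration" entry in error_log with a 200 response for the same file requested through the CGI script. Only the first error_log line comes from the post; the other log lines, the client addresses, the Common Log Format and the two-second matching window are assumptions made for illustration.

```python
import posixpath
import re
from datetime import datetime
from urllib.parse import unquote

DOCROOT = "/usr/www/docs"        # document root visible in the post's error_log line
CGI_PREFIX = "/cgi-bin/w3-msql"  # script URL from the post

# Sample logs: only the first error line is from the post, the rest is constructed.
ERROR_LOG = """\
[Mon Mar  9 02:40:12 1998] [error] Client denied by server configuration: /usr/www/docs/protected/index.html
[Mon Mar  9 02:41:03 1998] [error] Client denied by server configuration: /usr/www/docs/protected/logo.gif
[Mon Mar  9 02:45:00 1998] [error] Client denied by server configuration: /usr/www/docs/protected/notes.html
"""
ACCESS_LOG = """\
192.0.2.10 - - [09/Mar/1998:02:40:12 +0100] "GET /cgi-bin/w3-msql/protected/index.html HTTP/1.0" 200 1834
192.0.2.10 - - [09/Mar/1998:02:41:03 +0100] "GET /cgi-bin/w3-msql/protected/logo.gif HTTP/1.0" 200 5120
192.0.2.11 - - [09/Mar/1998:02:45:00 +0100] "GET /protected/notes.html HTTP/1.0" 403 210
192.0.2.12 - - [09/Mar/1998:02:50:00 +0100] "GET /cgi-bin/w3-msql/public/list.html HTTP/1.0" 200 900
"""

ERR_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] "
                    r"Client denied by server configuration: (?P<path>\S+)")
ACC_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?:GET|HEAD|POST) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) ')

def denied_paths(error_log):
    """Return (timestamp, filesystem path) for every access-control denial."""
    out = []
    for line in error_log.splitlines():
        m = ERR_RE.match(line)
        if m:
            out.append((datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"), m["path"]))
    return out

def find_bypasses(access_log, error_log, window=2):
    """List (client, URI) where the CGI answered 200 for a file Apache logged as denied."""
    denied = denied_paths(error_log)
    hits = []
    for line in access_log.splitlines():
        m = ACC_RE.match(line)
        if not m or m["status"] != "200" or not m["uri"].startswith(CGI_PREFIX + "/"):
            continue
        # Both logs carry local wall-clock time; the UTC offset is dropped here.
        when = datetime.strptime(m["ts"].split()[0], "%d/%b/%Y:%H:%M:%S")
        # Rebuild PATH_TRANSLATED: the path after the script name, under the docroot.
        path_info = unquote(m["uri"][len(CGI_PREFIX):].split("?")[0])
        translated = posixpath.normpath(DOCROOT + path_info)
        if any(p == translated and abs((when - t).total_seconds()) <= window
               for t, p in denied):
            hits.append((m["host"], m["uri"]))
    return hits
```
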

 
 
 

1. PATH_TRANSLATED missing from Apache cgi script environment

I've written a custom script for presenting the contents of
a directory, using the DirectoryIndex directive of srm.conf.
I'm looking at the environment of the script, and PATH_TRANSLATED
isn't there.

I've just compiled Apache/1.2b7 on Solaris 2.5 and am running the
binary on a 2.5.1 host.  Could this be it?

The real question is, how can I determine the real directory in which
the script is running?  We're doing some Aliasing using srm.conf
directives, and for Aliased URLs, I would expect real path to be
in PATH_TRANSLATED.

Am I mistaken, or have I tickled a bug, or what?

Thanks,
-dave
