by Hi,
is it possible to configure apache, so that it is not possible to access
a protected area (with .htaccess), via cgi-scripts which use the PATH_TRANSLATED
variable to access certain documents:
Example:
I have a directory called /protected with limited access. If I access this
directory with the system wide installed cgi-script
/cgi-bin/w3-msql/protected/index.html
I receive the page regardless of the contents in .htaccess. Since the page
contains no special w3-msql tags, I receive this page completely uninterpreted,
even images or other weird documents can be accessed this way! If links are
relative, I can simply browse a complete protected hierarchy (sometimes I
have to manually append an "index.html", but that's all)
An error is logged in error_log, though:
[Mon Mar 9 02:40:12 1998] [error] Client denied by server configuration: /usr/www/docs/protected/index.html
How can I stop apache allowing such transfers?
Thanks,
Daniel