Re: Apache + CGI
Jakob Borg wrote:
> I got the impression that IncludesNOEXEC was the feature I needed and
> solved my problem. I (my users) can still use the #include virtual="" to
> user "legitimate" CGIs. Is that not so?
The mod_include documentation says this:
include
This command inserts the text of another document or file into
the parsed file. Any included file is subject to the usual
access control. If the directory containing the parsed file has
the Option IncludesNOEXEC set, and the including the document
would cause a program to be executed, then it will not be
included; this prevents the execution of CGI scripts. Otherwise
CGI scripts are invoked as normal using the complete URL given
in the command, including any query string.
This gives me the impression that you can't disable `exec' without
disabling `include=<CGI script>'.
Try it and see.
--
Glynn Clements <glynn@sensei.co.uk>
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: