RE: Secure CGI Implementation
On Sun, 29 Dec 2002, Michael Olds wrote:
> Q: If the cgi-bin is placed outside the DocumentRoot and a script creates an
> html page to be served to the public, how does this work?
>
> A: Just fine. You can map your web space any way you like.
>
> Actually, Bill, 'Just Fine is just fine if it works...I havn't quite got it
> up and running yet.' I am trying to ask short 'n sweet questions to the
> point (not my natural style, which usually includes numerous subordinate
> clauses, etc...you understand...)...I wouldn't object to an explanation of
> the process.
DocumentRoot maps the reqest for / to a directory -- it's mapping URL
space to disk space.
But there's doesn't have to be a one-to-one mapping. Alias map URLs to
directories, so http://localhost/foo can be anywhere.
ScriptAlias is a special form of Alias that sets the options for running
CGI scripts. I rarely use ScriptAlias and instead use Alias and set the
options for CGI processing explicitly for the specific directory or files.
UserDir is another way to map your web space.
So, if I have your question right, you can map the URL space any way you
like with use of DocumentRoot and Alias directives. Then you can use
<Directory> or <Files> blocks to define what happens to those files when
requested (e.g. run as a script, or password required, or limit to
specific IPs).
And with things like mod_perl there doesn't even need to be any mapping
from URL space to file space -- for example you can have all the content
generated dynamically out of a database.
--
Bill Moseley moseley@hank.org
Reply to: