FAQ
I have a problem with a legacy server - Apache 1.3. The content of the
site has CGI scripts scattered around so it has a directive (showing
just relevant bits):

<Directory /toplevel>
Options ExecCGI
</Directory>

and it has:

AddHandler cgi-script .cgi

Unfortunately, it also has some static content files with names like:

/toplevel/data/whatever.cgi.html

Until just now, I didn't know that Apache parsed multiple filename
extensions and I guess whoever chose the naming convention for these
static files didn't either :( The result is that these files resulted
in 500 internal server errors being returned to the users, because
Apache tried to interpret them as CGI scripts.

To fix it, I tried adding:

<Directory /toplevel/data>
Options -ExecCGI
</Directory>

but that just changed the error message to 403 Forbidden, which I guess
means it is still parsing the filename extension in that directory and
then refusing to execute it.

Is there some way to tell it that all the files in /toplevel/data/ are
just to be served as static HTML?

I've looked at the FAQ and tried to search but it's an awkard question
to search for. And as you'll have gathered, I'm not an Apache expert!

Thanks, Dave

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Search Discussions

  • André Warnier at Jul 21, 2009 at 10:25 am

    Dave Howorth wrote:
    I have a problem with a legacy server - Apache 1.3. The content of the
    site has CGI scripts scattered around so it has a directive (showing
    just relevant bits):

    <Directory /toplevel>
    Options ExecCGI
    </Directory>
    .. a Very Bad Idea
    and it has:

    AddHandler cgi-script .cgi

    Unfortunately, it also has some static content files with names like:

    /toplevel/data/whatever.cgi.html
    .. compounded
    Until just now, I didn't know that Apache parsed multiple filename
    extensions and I guess whoever chose the naming convention for these
    static files didn't either :( The result is that these files resulted
    in 500 internal server errors being returned to the users, because
    Apache tried to interpret them as CGI scripts.

    To fix it, I tried adding:

    <Directory /toplevel/data>
    Options -ExecCGI
    </Directory>
    Clever, that..
    but that just changed the error message to 403 Forbidden, which I guess
    means it is still parsing the filename extension in that directory and
    then refusing to execute it. Yep. :-)
    Is there some way to tell it that all the files in /toplevel/data/ are
    just to be served as static HTML?

    I've looked at the FAQ and tried to search but it's an awkard question
    to search for. And as you'll have gathered, I'm not an Apache expert!
    That deserves an answer, but it may not be so simple.
    As you have already guessed, that basic setup ..sucks.
    The real good solution would be to gather all these cgi scripts into one
    single directory, and then set only that one up with ExecCGI.
    But that would probably break half the site, no ?

    You could try this :
    <Directory /toplevel/data>
    Options -ExecCGI
    </Directory>
    but add

    <Files ~ "\.cgi$">
    SetHandler cgi-script
    </Files>

    (That's assuming that all the legitimate cgi scripts do end in ".cgi",
    and it may also have security implications. Consider this as a "rough
    draft, quick and dirty" solution.)

    Other than that, there might be other ways involving SetEnvIf or
    RewriteCond/RewriteRule.


    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Dave Howorth at Jul 21, 2009 at 10:40 am

    André Warnier wrote:
    .. a Very Bad Idea
    .. compounded
    No disagreement from me :)
    You could try this :
    <Directory /toplevel/data>
    Options -ExecCGI
    </Directory>
    but add

    <Files ~ "\.cgi$">
    SetHandler cgi-script
    </Files>

    (That's assuming that all the legitimate cgi scripts do end in ".cgi",
    and it may also have security implications. Consider this as a "rough
    draft, quick and dirty" solution.)

    Other than that, there might be other ways involving SetEnvIf or
    RewriteCond/RewriteRule.
    Thanks for this. While I was waiting, I discovered RemoveHandler and I
    found this worked:

    <Directory /toplevel/data>
    Options -ExecCGI
    RemoveHandler .cgi
    </Directory>

    Hopefully that fixes the immediate problem. I'll look at what
    rearrangement of scripts might be possible.

    Thanks again,
    Dave

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupusers @
categoriesapache
postedJul 21, '09 at 10:14a
activeJul 21, '09 at 10:40a
posts3
users2
websitehttpd.apache.org
irc#httpd

2 users in discussion

Dave Howorth: 2 posts André Warnier: 1 post

People

Translate

site design / logo © 2022 Grokbase