Am I missing something here or do you no longer have to be explicit in saying

> > <Directory "/cgi-bin">
> > AllowOverride None
> > Options None
> > Order allow,deny
> > Allow from all
> > </Directory>
> > ---snip----

Options ExecCGI ????

> -----Original Message-----
> From: H D Moore [mailto:hdmat_private]
> Sent: Saturday, June 09, 2001 1:44 PM
> To: Alex Andrews; vuln-devat_private
> Subject: Re: script locations (how to setuo scripts as any extention)
>
>
> This is all a bit OT but...
>
> There is another trick you can use to set up an entire directory structure
> that is parsed by the same script. I have yet to figure out how to do it to
> the root directory, although a redirect may possibly do it:
>
> application/x-httpd-php3 /fakedir
>
> Now create a script called 'fakedir' in your document root and use the
> $PATH_INFO environment variable to parse out what document was actually
> requested. If the "document" requested doesn't exist, you can return an exact
> replica of the 404 error page. This lets you do things like create an entire
> document tree which resides only in a database; most major news sites use a
> similar technique for storing articles online. For instance, a request like:
>
> /fakedir/somedoc54.html
>
> Could be parsed by your script to look up a database record with an index of
> 54, then format and return the page.
>
> -HD
>
>
>
> On Saturday 09 June 2001 04:59 am, Alex Andrews wrote:
> > In my previous post, I mentioned how it is possible to set up cgi-bin style
> > directories at any location, and run scripts from any file extension. The
> > following informs you of how under Apache at least this is possible:
> >
> >
> > 0) Standard Disclaimer
> > Just to say use the techniques described here at your own risk. You have
> > been told
> >
> > 1) Placing cgi-scripts anywhere
> >
> > The following is taken from my httpd.conf.
> >
> > ---snip---------
> > ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
> >
> > #
> > # "/usr/local/apache/cgi-bin" should be changed to whatever your ScriptAliased
> > # CGI directory exists, if you have that configured.
> > #
> > <Directory "/cgi-bin">
> > AllowOverride None
> > Options None
> > Order allow,deny
> > Allow from all
> > </Directory>
> > ---snip----
> >
> > As we can see, you can make the script aliased CGI directory, ie the
> > directory where the scripts are stored into anything, and be called on the
> > webserver anything. Scripts will only be allowed here (unless...well see
> > below) The syntax is:
> > ScriptAlias <what shall the directory be called on the server ie /cgi-bin> <where is the directory, absolute path>
> > For example, if I stored my scripts for some obscure reason in a directory
> > called /usr/local/cgi, and wanted people to access scripts from
> > http://www.myserver.com/script-fu/ I would do the following:
> > ScriptAlias /script-fu/ "/usr/local/cgi"
> > Then add the following access restrictions to the directory:
> > <Directory "/script-fu">
> > AllowOverride None
> > Options None
> > Order allow,deny
> > Allow from all
> > </Directory>
> > Easy huh! I haven't tested this, but in theory you could even make the root
> > of your web server scriptable (make the htdocs directory the same as the
> > script alias) But this is only the start, in fact you can easily allow a
> > script to be executed anywhere, in or out of the cgi-bin alike directory,
> > by using the AddHandler. The format of the command is simple:
> > AddHandler <what handler> <extension>
> > So if I want to execute my perl anywhere I do this:
> > AddHandler cgi-script .cgi
> > And voila! It's done obviously! I can add as many different extensions as I
> > like for it. So if I want scripts with .ale extensions to work anywhere I
> > can.
> > AddHandler cgi-script .cgi .ale
> >
> > 2) Make the server parse any document for php/ssi/whatever
> >
> > First let's deal with server side parsing languages, php as the example
> > here. When we install php we add the following lines to wherever the mime
> > types are stored for apache (in httpd.conf for me):
> > AddType application/x-httpd-php3 .php
> > AddType application/x-httpd-php3-source .phps
> >
> > There is nothing to stop you allowing php to be parsed from any extension
> > you desire. So if I want php to be parsed out of the much used .ale extension
> > I simply do this:
> > AddType application/x-httpd-php3 .php .ale
> > AddType application/x-httpd-php3-source .phps .ale
> > The syntax is then AddType <type> <extension> <extensions>. Although I have
> > no experience, the documentation suggests that any other server side
> > scripting language can be set in a similar manner. Now let's deal with those
> > SSI pages, the following lines of the httpd.conf deal with this aspect of
> > the server:
> > AddType text/html .shtml
> > AddHandler server-parsed .shtml
> > Obviously these two variables can also be changed. If I wanted to make all
> > .ale pages ssi parsed I would do the following.
> > AddType text/html .ale
> > AddHandler server-parsed .ale
> > So:
> > AddType <mime type> <extensions>
> > AddHandler <what handler> <extensions>
> >
> > 4) Links
> >
> > The Apache Project Homepage which includes complete documentation:
> > http://www.apache.org
> > The PHP scripting language homepage:
> > http://www.php.net
> >
> >
> > And there we go, that's it, if I managed to keep your attention this far,
> > you are a better person than me.
> >
> > Thanks for your time
> > Alex
> >
> > -------
> > An unexamined life is not worth living
> > --
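
A defender's view of the directives discussed in this thread, as an added example that is not part of the original posts: a Python audit that lists which extensions an httpd.conf hands to CGI, SSI or PHP, flags unexpected or doubly mapped ones, and flags any ScriptAlias whose target lies inside DocumentRoot. The sample config, the EXPECTED allowlist and the function name audit are assumptions made for illustration.

```python
import shlex
# Constructed sample, modelled on the directives quoted in the thread.
SAMPLE_CONF = '''
DocumentRoot "/usr/local/apache/htdocs"
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
ScriptAlias /script-fu/ "/usr/local/apache/htdocs"
AddHandler cgi-script .cgi .ale
# AddHandler cgi-script .bak
AddType application/x-httpd-php3 .php .ale
AddType application/x-httpd-php3-source .phps
AddHandler server-parsed .shtml
'''

# Assumption: local policy listing the only extensions meant to be executed.
EXPECTED = {".cgi", ".php", ".phps", ".shtml"}
HANDLERS = {"cgi-script", "server-parsed"}

def audit(conf_text, expected=EXPECTED):
    """Return ({extension: processors}, [findings]) for httpd.conf text."""
    exec_map, aliases, docroot, findings = {}, [], None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # Apache comments are whole lines
            continue
        name, *args = shlex.split(line)
        name = name.lower()
        if name == "documentroot" and args:
            docroot = args[0].rstrip("/")
        elif name == "scriptalias" and len(args) == 2:
            aliases.append((args[0], args[1].rstrip("/")))
        elif len(args) > 1 and (
            (name == "addhandler" and args[0].lower() in HANDLERS)
            or (name == "addtype" and args[0].lower().startswith("application/x-httpd-php"))
        ):
            for ext in args[1:]:               # leading dot optional, case-insensitive
                key = "." + ext.lstrip(".").lower()
                exec_map.setdefault(key, set()).add(args[0].lower())
    for ext, procs in sorted(exec_map.items()):
        if ext not in expected:
            findings.append(f"{ext}: unexpected executable extension via {sorted(procs)}")
        if len(procs) > 1:
            findings.append(f"{ext}: mapped to several processors {sorted(procs)}")
    for url, path in aliases:
        if docroot and (path + "/").startswith(docroot + "/"):
            findings.append(f"{url}: ScriptAlias target lies inside DocumentRoot")
    return exec_map, findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)[1]))
```
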
This archive was generated by hypermail 2b30 : Mon Jun 11 2001 - 08:20:11 PDT