httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "dbdweeb" <dbdw...@myway.com>
Subject RE: [users@httpd] Need a VirtualScriptAliasMatch Directive
Date Tue, 01 Apr 2003 14:44:19 GMT

What? No takers on this?

I confess my cluelessness. :-)


 --- On Mon 03/31, dbdweeb < dbdweeb@myway.com > wrote:
From: dbdweeb [mailto: dbdweeb@myway.com]
To: users@httpd.apache.org
Date: Mon, 31 Mar 2003 10:21:04 -0500 (EST)
Subject: [users@httpd] Need a VirtualScriptAliasMatch Directive

<br> There's this webapp where customers can drop binaries into the /cgi-bin/ of their
changerooted vhost environment. If they escape the changeroot they can do nasty stuff from
the browser. To prevent this ScriptAliasMatch is used as follows:<br><br><br><br>#
virtual host entry for cust1<br><br><VirtualHost ###.###.###.###:80><br><br>
DocumentRoot /app/cust1/vhost/cust1<br><br> ServerName cust1.host.com<br><br>
ScriptAliasMatch ^/cgi-bin/cust1$ /app/cust1/cgi-bin/cust1<br><br> ScriptAliasMatch
^/cgi-bin/app1/(.*) /app/cust1/cgi-bin/app1/$1<br><br> ScriptAliasMatch ^/cgi-bin/app2/(.*)
/app/cust1/cgi-bin/app2/$1<br><br> ### ScriptAliasMatch continues at length!!<br><br>
<Directory /app/cust1/cgi-bin/><br><br>  Options FollowSymLinks<br><br>
</Directory><br></VirtualHost><br><br><br><br>There
are many other subdirectories of /cgi-bin/ not listed in the above which MUST NOT be matched.
Changing the directory structure is not an option. 100's of customers are maintained in huge
vhost files and Apache must be restarted everytime changes are made. I looked at mod_vhost_alias
and mod_rewrite and didn't come up with a solution. Is there a more elegant way to do this?
Any suggestions?<br><br><br><br>bona fide newbie<br><br><br><br>_______________________________________________<br>No
banners. No pop-ups. No kidding.<br>Introducing My Way - http://www.myway.com<br><br>---------------------------------------------------------------------<br>The
official User-To-User support forum of the Apache HTTP Server Project.<br>See <URL:http://httpd.apache.org/userslist.html>
for more info.<br>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org<br>
  "   from the digest: users-digest-unsubscribe@httpd.apache.org<br>For additional commands,
e-mail: users-help@httpd.apache.org<br><br>

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message