httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daryl Tester <>
Subject [users@httpd] Securing handler from direct access via URL.
Date Thu, 09 Sep 2010 20:33:11 GMT

I'm attempting to set up a PHP application in a chrooted FastCGI environment
under Apache 2.2.14 under Ubuntu 10.04.  My (abbreviated) configuration is:

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
FastCgiServer /usr/lib/cgi-bin/php5
<Directory "/var/www/webmail">
        AddHandler php-fastcgi .php
        DirectoryIndex index.php
        Action php-fastcgi /cgi-bin/php5

This works as it should, but a side effect is that Action is exposing
http:///cgi-bin/php5 to the outside world (which barfs when accessed
directly).  Access permissions on the cgi-bin directory appear to get
propagated to the resources I'm trying to "handle", so that doesn't

Is there a way I can set up a handler but not have it directly exposed
via URL (as opposed to the URLs it "handles")?


  Daryl Tester

"It's bad enough to have two heads, but it's worse when one's unoccupied."
  -- Scatterbrain, "I'm with Stupid."

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message