On Wed, 29 Aug 2001 02:14:10 +1000, "Jason Brooke" <[EMAIL PROTECTED]> wrote:
>Another way you might be able to do it is find an environment variable that
>is only present when the cgi's are executed by the virtual() call,
Could not find any ...
>use the apache SetEnvIf directive combined with
> After testing this I see that:
>
> Apache uses the IP address of the remote host to determine whether to
> allow or deny access.
>
> Even though PHP is running on localhost, and making a request via the
> virtual() function, Apache still knows the IP address of the remote
> host, and uses that.
On Wed, 29 Aug 2001 00:16:10 +1000, "Jason Brooke" <[EMAIL PROTECTED]> wrote:
>It will work in .htaccess if you enable it, or you might even be able to use
>something like:
>
>
>(untested again)
After testing this I see that:
Apache uses the IP address of the remote host to determine whether t
> We don't define any virtual hosts in httpd.conf; instead, we use a
> custom handler hooked into post-read-request. So I won't be able to
> define "/path/to/usr/cgi" in httpd.conf.
>
> But if that concept will work in user .htaccess files, it would be an
> improvement over my current techniques.
On Tue, 28 Aug 2001 23:38:30 +1000, "Jason Brooke" <[EMAIL PROTECTED]> wrote:
>if you're using apache, something along the lines of the following untested
>directives should prevent anyone but the localhost (which is where your
>virtual() calls should be coming from) from accessing the cgi's via
if you're using apache, something along the lines of the following untested
directives should prevent anyone but the localhost (which is where your
virtual() calls should be coming from) from accessing the cgi's via http
order deny, allow
deny from all
allow from localhost
> Thanks for the ide
On Tue, 28 Aug 2001 16:38:14 +1000, "Jason Brooke" <[EMAIL PROTECTED]> wrote:
>> I use the PHP virtual() function to call a CGI script, and that works
>> fine. But I need to prevent the CGI from being executed directly, in
>> case someone tries to access its URL.
>>
>> Since HTTP_REFERER is unre
> I use the PHP virtual() function to call a CGI script, and that works
> fine. But I need to prevent the CGI from being executed directly, in
> case someone tries to access its URL.
>
> Since HTTP_REFERER is unreliable, I was wondering how others have
> solved this problem ...
>
>
> Egan
move i
I use the PHP virtual() function to call a CGI script, and that works
fine. But I need to prevent the CGI from being executed directly, in
case someone tries to access its URL.
Since HTTP_REFERER is unreliable, I was wondering how others have
solved this problem ...
Egan
--
PHP General Ma
9 matches
Mail list logo
