Jefferson Ogata wrote:
On 2010-09-09 20:33, Daryl Tester wrote:
This works as it should, but a side effect is that Action is exposing
http:///cgi-bin/php5 to the outside world (which barfs when accessed
directly). Access permissions on the cgi-bin directory appear to get
propagated to the re
Jefferson Ogata wrote:
Yes, inasmuch as you didn't clarify that you perceive the configuration
as an actual vector for attack, rather than an aesthetically displeasing
feature. Instead you mention that it "barfs when accessed directly",
which implied to me that you didn't recognize the potenti
On 2010-09-09 21:37, Daryl Tester wrote:
Yes, again, I know it's dangerous, hence the concern of my original post.
Was my subject line ambiguous?
Yes, inasmuch as you didn't clarify that you perceive the configuration
as an actual vector for attack, rather than an aesthetically displeasing
fe
Jefferson Ogata wrote:
That sounds like a potentially extremely dangerous configuration.
Agreed, which is why I'm asking how to not do it. All the non-mod_php
examples I seem to find on the net are set up in this configuration.
I cannot get "Action" to point to something other than a cgi scri
On 2010-09-09 20:33, Daryl Tester wrote:
This works as it should, but a side effect is that Action is exposing
http:///cgi-bin/php5 to the outside world (which barfs when accessed
directly). Access permissions on the cgi-bin directory appear to get
propagated to the resources I'm trying to "hand
Howdee.
I'm attempting to set up a PHP application in a chrooted FastCGI environment
under Apache 2.2.14 under Ubuntu 10.04. My (abbreviated) configuration is:
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
FastCgiServer /usr/lib/cgi-bin/php5
AddHandler php-fastcgi .php
DirectoryIndex i
