I am using RedHat 6.4 with Apache 2.2.15.  I send a wget request to the server 
for /cobbler/pub/foo.to.  The server returns a 403 status.

The access_log entry is:

129.165.8.75 - - [02/Apr/2013:11:46:44 +0000] "GET /cobbler/pub/foo.to 
HTTP/1.0" 403 220 "-" "Wget/1.10.2 (Red Hat modified)"

The error_log entry is:

[Tue Apr 02 11:46:44 2013] [error] [client 129.165.8.75] Options ExecCGI is off 
in this directory: /var/www/cobbler/pub/foo.to

The modsec_audit.log is the most complete:

--cae3ab09-A--
[02/Apr/2013:11:48:47 +0000] UVrFn4GlCCkAAFj@O8UAAAAD 129.165.8.75 46737 
129.165.8.41 80
--cae3ab09-B--
GET /cobbler/pub/foo.to HTTP/1.0
User-Agent: Wget/1.10.2 (Red Hat modified)
Accept: */*
Host: cobbler
Connection: Keep-Alive

--cae3ab09-F--
HTTP/1.1 403 Forbidden
Content-Length: 220
Connection: close
Content-Type: text/html; charset=iso-8859-1

--cae3ab09-E--

--cae3ab09-H--
Apache-Error: [file 
"/builddir/build/BUILD/httpd-2.2.15/modules/generators/mod_cgi.c"] [line 168] 
[level 3] Options ExecCGI is off in this directory: /var/www/cobbler/pub/foo.to
Apache-Handler: cgi-script
Stopwatch: 1364903327323156 1714 (- - -)
Stopwatch2: 1364903327323156 1714; combined=59, p1=17, p2=37, p3=0, p4=0, p5=5, 
sr=0, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.7.1 (http://www.modsecurity.org/).
Server: Apache
Engine-Mode: "ENABLED"

--cae3ab09-Z-

My question is why Apache considers a file with a ".to" extension to be a CGI 
script?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Stuart J. Newman
Engineer 4; Systems
Solar Dynamics Observatory (SDO)

Honeywell Technology Solutions Inc

NASA/Goddard Space Flight Center
Building 14, Room E222
Mail Stop 428.2
Greenbelt, MD 20771

Office: (301) 286-5145
EMail: [email protected]


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
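An added example, not part of the original message: a small Python parser for the audit-log entry format quoted above. It splits an entry on its `--<id>-<part>--` boundaries and reports the handler and Apache error from part H next to the request line and status. The sample entry is constructed from the values in the post (unwrapped lines, fewer headers), and the function names are hypothetical.

```python
import re

# Constructed sample: same section layout and values as the entry in the post,
# with each header on one line and some headers left out.
SAMPLE = """\
--cae3ab09-A--
[02/Apr/2013:11:48:47 +0000] UVrFn4GlCCkAAFj@O8UAAAAD 129.165.8.75 46737 129.165.8.41 80
--cae3ab09-B--
GET /cobbler/pub/foo.to HTTP/1.0
Host: cobbler

--cae3ab09-F--
HTTP/1.1 403 Forbidden

--cae3ab09-H--
Apache-Error: [file "/builddir/build/BUILD/httpd-2.2.15/modules/generators/mod_cgi.c"] [line 168] [level 3] Options ExecCGI is off in this directory: /var/www/cobbler/pub/foo.to
Apache-Handler: cgi-script

--cae3ab09-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")

def split_sections(text):
    """Return {entry_id: {part_letter: [lines]}} for every entry in text."""
    entries, current = {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line.strip())
        if m:  # a boundary line starts a new part of that entry
            current = entries.setdefault(m.group(1), {}).setdefault(m.group(2), [])
        elif current is not None:
            current.append(line)
    return entries

def summarize(text):
    """One dict per entry: request line, status code, handler, Apache errors."""
    out = []
    for entry_id, parts in split_sections(text).items():
        first = lambda p: next((l for l in parts.get(p, []) if l.strip()), "")
        trailer = {}
        for l in parts.get("H", []):  # part H holds "Name: value" lines
            key, sep, value = l.partition(": ")
            if sep:
                trailer.setdefault(key, []).append(value)
        status = first("F").split()
        out.append({"id": entry_id, "request": first("B"),
                    "status": status[1] if len(status) > 1 else None,
                    "handler": (trailer.get("Apache-Handler") or [None])[0],
                    "errors": trailer.get("Apache-Error", [])})
    return out
```

Calling `summarize()` on the contents of `modsec_audit.log` gives one record per transaction, so a 403 can be read together with the handler Apache selected for that request.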
