[cgiwrap-users] Rewriting of directory indexes / Security implications
From: Gabriel A. <ga...@bu...> - 2003-05-20 17:15:54
Hi,

I'm stumbling over a probably rather easily solved problem with my rewrite rules:

    RewriteEngine On
    RewriteRule (.*\.php.*) /cgi-sys/cgiwrap/user/$1 [PT,NS,T=application/x-http-cgi]
    RewriteRule (.*\.cgi.*) /cgi-sys/cgiwrap/user/$1 [PT]

works perfectly for anything but the directory index (that is index.cgi and index.php in our case, of course index.html still works ;-) as cgiwrap doesn't seem to know that it should look for index.whatever in case the final element of a path is a directory. So now I'm wondering how to rewrite the URL to get that working or would I have to patch cgiwrap to do that?

Furthermore, is there anything cgiwrap does against the following: .htaccess auth required users accessing private/somescript.cgi by simply using cgiwrap to execute the script? It's a known problem with PHP that if you have it installed in the cgi-bin it might very well expose your whole site to everyone who cares to look as it ignores .htaccess. Is .htaccess checked before a rewrite is done? If it were, I could simply stop users from directly using cgiwrap and be on the safe side, right?

Thanks for any comments,
Gabriel
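
Added example, not part of the original message and not cgiwrap code: a log audit for the second concern above, listing requests that named the wrapper URL directly instead of arriving through the rewrite rules. It assumes Common/Combined Log Format access logs, in which the logged request line is the one the client sent; the sample lines and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Wrapper prefix taken from the rewrite rules in the post.
CGIWRAP_PREFIX = "/cgi-sys/cgiwrap/"

# host ident authuser [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Drop the query string, decode %xx, collapse '//' and './' segments."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path))

def direct_cgiwrap_hits(lines):
    """Return (client, auth_user, script, status) for direct wrapper requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        client, user, _method, target, status = m.groups()
        path = normalize(target)
        if path.startswith(CGIWRAP_PREFIX):
            script = path[len(CGIWRAP_PREFIX):]
            hits.append((client, user, script, int(status)))
    return hits

# Constructed sample log lines (documentation addresses, made-up sizes).
SAMPLE_LOG = [
    # Normal use: client asks for the script, the rewrite happens internally.
    '192.0.2.10 - alice [20/May/2003:17:15:54 +0000] '
    '"GET /private/somescript.cgi HTTP/1.1" 200 512',
    # Direct wrapper request with no authenticated user, served with 200.
    '192.0.2.44 - - [20/May/2003:17:20:01 +0000] '
    '"GET /cgi-sys/cgiwrap/user/private/somescript.cgi HTTP/1.1" 200 512',
    # Direct wrapper request that the server refused.
    '192.0.2.44 - - [20/May/2003:17:20:09 +0000] '
    '"GET /cgi-sys/cgiwrap/user/index.cgi?x=1 HTTP/1.1" 403 199',
    '192.0.2.7 - - [20/May/2003:17:21:30 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, user, script, status in direct_cgiwrap_hits(SAMPLE_LOG):
        flag = "SERVED" if status < 400 else "blocked"
        print(f"{flag:7} {client} user={user} script={script} status={status}")
```

A direct hit with a 2xx status and "-" as the authenticated user on a script under a protected directory is the case to investigate.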