Jakob Borg wrote: > I got the impression that IncludesNOEXEC was the feature I needed and > solved my problem. I (my users) can still use the #include virtual="" to > user "legitimate" CGIs. Is that not so?
The mod_include documentation says this: include This command inserts the text of another document or file into the parsed file. Any included file is subject to the usual access control. If the directory containing the parsed file has the Option IncludesNOEXEC set, and the including the document would cause a program to be executed, then it will not be included; this prevents the execution of CGI scripts. Otherwise CGI scripts are invoked as normal using the complete URL given in the command, including any query string. This gives me the impression that you can't disable `exec' without disabling `include=<CGI script>'. Try it and see. -- Glynn Clements <[EMAIL PROTECTED]> -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .