… both +1 and -1. A change in version number or major version can imply significant changes in the base configuration, and I see this suggestion as a fit for a httpd-2.5, -3.0 or the likes. Hence, +1.
However changing such widely used setting on the existing 10 year old 2.4 tree will cause operators headaches as the one outlined by Noel - more so as this setting is there for way longer than 2.4 and therefore -1. Alex > On Oct 9, 2021, at 20:30, Noel Butler <noel.but...@ausics.net> wrote: > > >> >> On 10/10/2021 03:39, Eric Covener wrote: >> >> Relative to the recent CVEs, should we replace ScriptAlias in the >> default conf with Alias + SetHandler cgi-script in the corresponding >> Directory section? >> >> And .. should ScriptAlias be deprecated/discouraged in some way if the >> expanded version is safer by avoiding the equivalent of setting the >> handler in Location vs. Directory? >> >> I am assuming it is not possible/feasible to make ScriptAlias just >> work as if it was in the 2nd arguments Directory config. > > -1 > > > > You are talking about changing a httpd life long option, thats used in > millions of settings around the world. > > Scriptalias setting is not used in any directory setting in my case, its used > in a global way > > DocumentRoot "/var/www/html" > > <Directory "/var/www"> > AllowOverride None > Options SymlinksIfOwnerMatch > Require all granted > </Directory> > > Alias /icons/ "/var/www/icons/" > > <Directory "/var/www/icons"> > AllowOverride None > Require all granted > </Directory> > > ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" > > <Directory "/var/www/cgi-bin"> > AllowOverride None > Options None > Require all granted > </Directory> > > > > and more globally used in every service provider i've been at (not all my > doing but end result is identical) inside virtual hosts confs > > <VirtualHost xxxxxxxxxx > > ServerName xxxxxxx > ServerAlias www.xxxxxxxx > DocumentRoot /var/www/vhost/xxxxxxx/www/html > ScriptAlias /cgi-bin/ /var/www/vhost/xxxxxxxxx/www/cgi-bin/ > > ...snip... > > </VirtualHost> > > This is how every person expects it. > > So you want to go make that more convoluted? > > > > -- > Regards, > Noel Butler > > This Email, including attachments, may contain legally privileged > information, therefore at all times remains confidential and subject to > copyright protected under international law. You may not disseminate this > message without the authors express written authority to do so. If you are > not the intended recipient, please notify the sender then delete all copies > of this message including attachments immediately. Confidentiality, > copyright, and legal privilege are not waived or lost by reason of the > mistaken delivery of this message. > >