… both +1 and -1.

A change in version number or major version can imply significant changes in 
the base configuration, and I see this suggestion as a fit for a httpd-2.5, 
-3.0 or the likes. Hence, +1.

However changing such widely used setting on the existing 10 year old 2.4 tree 
will cause operators headaches as the one outlined by Noel - more so as this 
setting is there for way longer than 2.4 and therefore -1.

Alex

> On Oct 9, 2021, at 20:30, Noel Butler <noel.but...@ausics.net> wrote:
> 
> 
>> 
>> On 10/10/2021 03:39, Eric Covener wrote:
>> 
>> Relative to the recent CVEs, should we replace ScriptAlias in the
>> default conf with Alias + SetHandler cgi-script in the corresponding
>> Directory section?
>> 
>> And .. should ScriptAlias be deprecated/discouraged in some way if the
>> expanded version is safer by avoiding the equivalent of setting the
>> handler in Location vs. Directory?
>> 
>> I am assuming it is not possible/feasible to make ScriptAlias just
>> work as if it was in the 2nd arguments Directory config.
> 
>  -1
> 
> 
> 
> You are talking about changing a httpd life long option, thats used in 
> millions of settings around the world.
> 
> Scriptalias setting is not used in any directory setting in my case, its used 
> in a global way
> 
> DocumentRoot "/var/www/html"
> 
> <Directory "/var/www">
> AllowOverride None
> Options SymlinksIfOwnerMatch
> Require all granted
> </Directory>
> 
> Alias /icons/ "/var/www/icons/"
> 
> <Directory "/var/www/icons">
> AllowOverride None
> Require all granted
> </Directory>
> 
> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
> 
> <Directory "/var/www/cgi-bin">
> AllowOverride None
> Options None
> Require all granted
> </Directory>
> 
> 
> 
> and more globally used in every service provider i've been at (not all my 
> doing but end result is identical) inside virtual hosts confs
> 
> <VirtualHost xxxxxxxxxx >
> ServerName xxxxxxx
> ServerAlias www.xxxxxxxx
> DocumentRoot /var/www/vhost/xxxxxxx/www/html
> ScriptAlias /cgi-bin/ /var/www/vhost/xxxxxxxxx/www/cgi-bin/
> 
> ...snip...
> 
> </VirtualHost>
> 
> This is how every person expects it.
> 
> So you want to go make that more convoluted?
> 
> 
> 
> -- 
> Regards,
> Noel Butler
> 
> This Email, including attachments, may contain legally privileged 
> information, therefore at all times remains confidential and subject to 
> copyright protected under international law. You may not disseminate this 
> message without the authors express written authority to do so.   If you are 
> not the intended recipient, please notify the sender then delete all copies 
> of this message including attachments immediately. Confidentiality, 
> copyright, and legal privilege are not waived or lost by reason of the 
> mistaken delivery of this message.
> 
> 

Reply via email to