On Mon, Feb 13, 2012 at 11:58 PM, Aaron Knister <aar...@umbc.edu> wrote: > Hi Tuomo, > > I don't mean 80,000 virtual hosts. I have over 80k unix accounts for which > content is being served via mod_userdir. And I consider each one it's own > "site". It's critical to the environment that users be prevented from > specifying handlers in htaccess files in part exactly for the reasons you > specified. The other issue is the potential for suexec abuse. I only have one > perl access handler I need to use and it has no global variables.
Hi Aaron, In the end would it not be safer to remove mod_perl all together? You don't mention exactly what you are doing with mod_perl so this may not be practical, but you do mention you only have one perl access handler. Can that not be rewritten in C? Is there no existing third party C module that can do what you need (or be modified slightly to do what you need)? Also, you briefly mentioned <Perl> sections. These are generally pretty easy to get around by just pre-generating your apache.conf file using a simple perl script and a templating module. This is how I understand most people create complex apache.conf files and this is how I have always done it. It might sound odd for someone to tell you not to use mod_perl on the mod_perl mailing list, but I think in your situation a lighter-weight solution would save you a lot of headaches. Cheers, Cees
