On Tue, Oct 26, 2004 at 11:16:40PM +0800, frankieh wrote: > Todd Slater wrote: > >I am hosting a few sites for friends that need cgi access. I read > >something about cgi scripts shouldn't be in the web document root for > >security purposes--people being able to read them as text. I turned on > >cgi by adding the ExecCGI in <Directory /home/*/public_html> which if I > >understand is not secure? > > > >What's the standard practice for doing this with users and virtual > >hosts? > > > >Todd > > Create a cgi-bin directory in parallel to your docs direcory and make > that the directory that is able to exec cgi scripts. > <Directory /home/*/cgi-bin> > > and then use ScriptAlias to make it available: > ScriptAlias /cgi-bin/ /home/*/cgi-bin > > That should get you on the right track.
Thanks, Franki. I ended up having to add another line to httpd.conf to get it to work: ScriptAliasMatch ^/~([^/]*)/cgi-bin/(.*) /home/$1/cgi-bin/$2 Todd -- Name that tune #22: No caffeine, no protein, no booze or nicotine.
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________