Re: [SLUG] Re: XBitHack
On Fri, May 08, 2009 at 02:25:13PM +1000, david wrote: Matthew Hannigan wrote: On Fri, May 08, 2009 at 01:13:39PM +1000, Rob Weir wrote: On 8 May 2009, da...@kenpro.com.au wrote: I've got this snippet in apache config: Directory /var/www/test/ Options +Includes XBitHack full IncludesNOEXEC /Directory da...@david:/etc/apache2$ sudo /etc/init.d/apache2 reload Syntax error on line 17 of /etc/apache2/sites-enabled/000-default: Illegal option XBitHack ...fail! da...@david:/etc/apache2$ mod-include is enabled Are you /sure/? Innit mod_ssi ? I'm not sure what this should do.. I'm using Ubuntu/Debian which uses a2enmod to set up modules, followed by apache2 reload. Am I missing something? thanks... I was pointing out that XBitHack is part of mod_ssi, not mod_include. As for what it does; well what do you want it do do? I'd take it out if you're not sure. SSI (server side includes) can make the security of apache a little more fragile. Matt -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Re: XBitHack
Matthew Hannigan wrote: On Fri, May 08, 2009 at 02:25:13PM +1000, david wrote: Matthew Hannigan wrote: On Fri, May 08, 2009 at 01:13:39PM +1000, Rob Weir wrote: On 8 May 2009, da...@kenpro.com.au wrote: I've got this snippet in apache config: Directory /var/www/test/ Options +Includes XBitHack full IncludesNOEXEC /Directory da...@david:/etc/apache2$ sudo /etc/init.d/apache2 reload Syntax error on line 17 of /etc/apache2/sites-enabled/000-default: Illegal option XBitHack ...fail! da...@david:/etc/apache2$ mod-include is enabled Are you /sure/? Innit mod_ssi ? I'm not sure what this should do.. I'm using Ubuntu/Debian which uses a2enmod to set up modules, followed by apache2 reload. Am I missing something? thanks... I was pointing out that XBitHack is part of mod_ssi, not mod_include. Is it??? http://httpd.apache.org/docs/2.0/mod/mod_include.html seems to suggest mod_include ... although I'm often wrong and I might be this time. As for what it does; well what do you want it do do? What I want to do is server side includes. I have another production site where this works perfectly, but uses the .shtml suffix and AddOutputFilter. It would be nicer if I could use XBitHack but for some reason the apache2 parser doesn't like it. By putting this line: AddOutputFilter INCLUDES .html on my test site's /etc/apache2/mods-enabled/mime.conf the includes magically work as advertised, but that's not really what I want. The whole idea is to only parse for includes when required instead of every html page. I'd take it out if you're not sure. I'm sure what I want to do.. see above. SSI (server side includes) can make the security of apache a little more fragile. because??? Perhaps there is a good reason not to do it. I've got the IncludesNOEXEC option happening. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Re: XBitHack
On Fri, May 08, 2009 at 06:28:26PM +1000, david wrote: I was pointing out that XBitHack is part of mod_ssi, not mod_include. Is it??? http://httpd.apache.org/docs/2.0/mod/mod_include.html seems to suggest mod_include ... although I'm often wrong and I might be this time. Ah you're right and I suck, As for what it does; well what do you want it do do? What I want to do is server side includes. I have another production site where this works perfectly, but uses the .shtml suffix and AddOutputFilter. It would be nicer if I could use XBitHack but for some reason the apache2 parser doesn't like it. By putting this line: AddOutputFilter INCLUDES .html on my test site's /etc/apache2/mods-enabled/mime.conf the includes magically work as advertised, but that's not really what I want. The whole idea is to only parse for includes when required instead of every html page. I'd take it out if you're not sure. I'm sure what I want to do.. see above. SSI (server side includes) can make the security of apache a little more fragile. because??? Perhaps there is a good reason not to do it. I've got the IncludesNOEXEC option happening. because you're trusting (to a certain extent) client supplied data. But if you want it, you want it. No question. As for the answer, well without seeing your entire apache config, I'd _guess_ that it's disable in the build or something like that. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Re: XBitHack
Matthew Hannigan wrote: On Fri, May 08, 2009 at 06:28:26PM +1000, david wrote: I was pointing out that XBitHack is part of mod_ssi, not mod_include. Is it??? http://httpd.apache.org/docs/2.0/mod/mod_include.html seems to suggest mod_include ... although I'm often wrong and I might be this time. Ah you're right and I suck, I might be right (for once) but you don't suck... especially when you are trying to help ;-) because??? Perhaps there is a good reason not to do it. I've got the IncludesNOEXEC option happening. because you're trusting (to a certain extent) client supplied data. But if you want it, you want it. No question. I'm using includes for standard html code blocks (headers, menus etc) that go across most pages so that I don't have to re-code them into each page (which is what my predecessor for this job did). I know there are other ways to do it, but each way has it's drawbacks. I guess that is another thread in itself. As for the answer, well without seeing your entire apache config, I'd _guess_ that it's disable in the build or something like that. I know that SSI works on this server because I can make it work with AddOutputFilter... it's XBitHack that's giving me grief. Seemed like such a good idea at the time but for now I've given up and I'm just applying AddOutputFilter to the Directory thanks for your help David. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Re: XBitHack
On 8 May 2009, da...@kenpro.com.au wrote: I've got this snippet in apache config: Directory /var/www/test/ Options +Includes XBitHack full IncludesNOEXEC /Directory da...@david:/etc/apache2$ sudo /etc/init.d/apache2 reload Syntax error on line 17 of /etc/apache2/sites-enabled/000-default: Illegal option XBitHack ...fail! da...@david:/etc/apache2$ mod-include is enabled Are you /sure/? -- -rob -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Re: XBitHack
On Fri, May 08, 2009 at 01:13:39PM +1000, Rob Weir wrote: On 8 May 2009, da...@kenpro.com.au wrote: I've got this snippet in apache config: Directory /var/www/test/ Options +Includes XBitHack full IncludesNOEXEC /Directory da...@david:/etc/apache2$ sudo /etc/init.d/apache2 reload Syntax error on line 17 of /etc/apache2/sites-enabled/000-default: Illegal option XBitHack ...fail! da...@david:/etc/apache2$ mod-include is enabled Are you /sure/? Innit mod_ssi ? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Re: XBitHack
Rob Weir wrote: On 8 May 2009, da...@kenpro.com.au wrote: I've got this snippet in apache config: Directory /var/www/test/ Options +Includes XBitHack full IncludesNOEXEC /Directory da...@david:/etc/apache2$ sudo /etc/init.d/apache2 reload Syntax error on line 17 of /etc/apache2/sites-enabled/000-default: Illegal option XBitHack ...fail! da...@david:/etc/apache2$ mod-include is enabled Are you /sure/? I'm learned never to be sure, but I did this: $ sudo a2enmod include /etc/apache2/mods-enabled/include exists, and I have restarted apache2 sudo a2dismod lists the include module. Is there another way to check? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Re: XBitHack
Matthew Hannigan wrote: On Fri, May 08, 2009 at 01:13:39PM +1000, Rob Weir wrote: On 8 May 2009, da...@kenpro.com.au wrote: I've got this snippet in apache config: Directory /var/www/test/ Options +Includes XBitHack full IncludesNOEXEC /Directory da...@david:/etc/apache2$ sudo /etc/init.d/apache2 reload Syntax error on line 17 of /etc/apache2/sites-enabled/000-default: Illegal option XBitHack ...fail! da...@david:/etc/apache2$ mod-include is enabled Are you /sure/? Innit mod_ssi ? I'm not sure what this should do.. I'm using Ubuntu/Debian which uses a2enmod to set up modules, followed by apache2 reload. Am I missing something? thanks... -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
