Nope...there isn't...at least not in apache2.conf, however there is clearly something different about how it is serving content from /cgi-bin than from other directories...even if those directories are flagged with ExecCGI. One nice thing I noticed is that I can use ScriptAlias to alias "/cgi-bin/" to some other directory and then can set the access rules for that other directory and it will behave as I want, so I just need to alter the install point for my applications and edit apache2.conf...but still, this doesn't seem like this is an expected behavior. Would it be a bug?
-J On Wed, Aug 15, 2018 at 3:38 PM, Eric Covener <[email protected]> wrote: > On Wed, Aug 15, 2018 at 5:53 PM Jason Pitt <[email protected]> wrote: > > > > Ok I have a work around but I'm really unhappy with it and I'd like it > if someone can verify for me that I'm not doing something wrong before I > change my whole code base to deal with the cgi scripts not being present in > the apache default cgi-bin (on my system /usr/lib/cgi-bin). So when a > client requests a file from the cgi-bin Apache seems to execute it before > asking for Basic Authorization. However if I take the exact same > apache2.config block, change the directory to something somewhere else, in > this case /var/www/html, add +ExecCGI and a handler for .cgi files...Apache > has the behavior I'd expect. It asks for authorization, then executes the > .cgi file. Why on earth can't I just do that for the default cgi-bin??? > > > > so this works: > > <Directory /var/www/html> > > Options Indexes FollowSymLinks ExecCGI > > AddHandler cgi-script .cgi > > AllowOverride None > > AuthUserFile /home/jpitt/wormbot/passwords > > AuthType Basic > > AuthName "Kaebot" > > Require valid-user > > </Directory> > > > > this asks for a password but executes the script regardless of user input > > <Directory /usr/lib/cgi-bin> > > Options Indexes FollowSymLinks ExecCGI > > AddHandler cgi-script .cgi > > AllowOverride None > > AuthUserFile /home/jpitt/wormbot/passwords > > AuthType Basic > > AuthName "Kaebot" > > Require valid-user > > </Directory> > > Maybe there is some other overlapping configuration section? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- /* Jason Pitt PhD 206.616.1193 Kaeberlein Lab [email protected] University of Washington Department of Pathology Health Sciences Building Box 357470 1989 NE Pacific Street Seattle, WA 98195 */
