The following reply was made to PR mod_actions/1418; it has been noted by GNATS.
From: Marc Slemko <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], Apache bugs database <[EMAIL PROTECTED]> Subject: Re: mod_actions/1418: htaccess files can be bypassed when actions are used Date: Mon, 17 Nov 1997 23:39:40 -0700 (MST) On 18 Nov 1997 [EMAIL PROTECTED] wrote: > [In order for any reply to be added to the PR database, ] > [you need to include <[EMAIL PROTECTED]> in the Cc line ] > [and leave the subject line UNCHANGED. This is not done] > [automatically because of the potential for mail loops. ] > > > Synopsis: htaccess files can be bypassed when actions are used > > State-Changed-From-To: open-closed > State-Changed-By: dgaudet > State-Changed-When: Mon Nov 17 22:33:56 PST 1997 > State-Changed-Why: > Apache is behaving correctly, the /cgi-bin URL is not > protected. If you want to use Action this way then make > another ScriptAlias which is protected. You should be able to have your script check the appropriate environment variables to verify that it is not being called directly. You would have to look at them and examine the differences to see if this is workable though; haven't looked.
