Hello, RG>With regards to this it would be most helpful if I could get Apache, RG>which already has code to parse and analyze Apache configuration files, RG>to simply spit out a list of all of the CGI-enabled directories that are RG>specified in a given http.conf file to, say, stdout.
The reason you can't do this easily is because Apache doesn't work this way. It doesn't ever build up a big list of every directory that has permission to do foo or bar capability. In real time, it takes requests, and then it compares those requests against a set of rules to decide whether foo or bar capability is called for. I doubt it is a good idea to include this functionality in Apache. RL>mod_info will tell you some of this. ie. Look for ScriptAlias lines under RL>mod_alias.c and AddHandler cgi-script lines under mod_mime.c. RG>I was hoping to find a volunteer to actually hack on this for me. I am RG>_not_ well versed in Apache internals myself. So as Rasmus points out, you can parse configuration information either manually or automatically to achieve a similar goal. I recommend parsing httpd.conf instead using a script of your own devising. There are some Perl scripts written by the mod_perl crowd which will take you 95% of the way to getting good parsing. Try looking on CPAN for the Apache::ConfigParser or Apache::Admin::Config modules. But note that the best that you can do is to spit out a big list of files and directories, which you then must scan the filesystem for using "find" or an equivalent anyway. And during that scanning you'll have to worry about whether to, for example, FollowSymLinks. RG>In the case of FormMail scripts, if the big web hosting companies can RG>just scan all of their CGI directories for them every night and then RG>simply `rm' or `chmod 0000' anything found by the scans of the previous RG>night every morning, then that will be about 99.9% sufficent to RG>eliminate the problem. I think the question is, if all your VirtualHost DocumentRoots and ScriptAliases are under one big tree anyway, why not scan the entire tree and be more confident, rather than scanning a subset of it which may not be that much bigger? If it is known that ScriptAliases and directories with ExecCGI enabled are rare, and always have FollowSymLinks disabled, then I suggest the parsing approach mentioned above. Humbly, Andrew ---------------------------------------------------------------------- Andrew Ho http://www.tellme.com/ [EMAIL PROTECTED] Engineer [EMAIL PROTECTED] Voice 650-930-9062 Tellme Networks, Inc. 1-800-555-TELL Fax 650-930-9101 ----------------------------------------------------------------------
