Tim Wunder wrote:
> Hi Kurt,

'owdy,

> Kurt Wall wrote:
> > 
> >>Hi,
> >>I'm trying to set up an Alias in my httpd.conf file that'll allow me to 
> >>redirect a request for <my_URL>/calendar to <my_URL>/cgi-bin/webcal so 
> >>that if I try to access <my_URL>/calendar/webcal.cgi, I get the WebCal 
> >>calendar selection script.
> >>I've made these entries in my httpd.conf file:
> >>   Alias /calendar "/home/httpd/cgi-bin/webcal"
> >>   <Directory "/home/httpd/cgi-bin/webcal">
> >>     AllowOverride AuthConfig
> >>     Options ExecCGI
> >>   </Directory>
> >>
> >>When I type in <my_URL>/calendar/webcal.cgi I'm presented with the text 
> >>of the webcal.cgi perl script. When I type in 
> >><my_URL>/cgi-bin/webcal/webcal.cgi the script executes and I'm presented 
> >>with the calendar selection screen. What must I do to get the script to 
> >>execute when called with <my_URL>/calendar/webcal.cgi?
> >>
> >>Ultimately, I want to be able to type <my_URL>/calendar and get 
> >>presented with the calendar selection screen.
> >>
> > 
> > Look at the ScriptAlias directive. You can also enable CGI on a per
> > directory basis using a <Directory></Directory> block.
> 
> 
> I have a "ScriptAlias cgi-bin /home/httpd/cgi-bin" line in my 
> httpd.conf, do I need another for the non-existent, aliased, /calendar 
> directory? I've tried "ScriptAlias cgi-bin /calendar", but that had no 
> effect, so I deleted it.

The syntax is "ScriptAlias /the/fake/dir /the/real/dir". So, try: 

ScriptAlias /calendar "/home/httpd/cgi-bin/webcal"
 
> I thought I did enable CGI in a <Directory></Directory> block with
>     <Directory "/home/httpd/cgi-bin/webcal">
>       AllowOverride AuthConfig
>       Options ExecCGI
>     </Directory>

The issue here is that you have to tell Apache that /calendar is both
an alias for /home/httpd/cgi-bin/webcal and, in particular, an alias
that points at CGI scripts, hence the ScriptAlias directive.

> So, if I uncomment the
> "AddHandler cgi-script .cgi" line, it'll work?
> Let me try that...

Correct.

> Yes, that works. The cgi script executes. But, that apparently is a 
> risky way? What, exactly, is the "significant security risk"? Is it an 
> external risk, or internal risk? The users on the system are just the 
> family (the wife, 2 sons, and me). None of us are likely to create any 
> elaborate cgi scripts...(maybe the teenager...)

CGI is inherently risky, regardless of *who* runs them. In your case,
if external users can't execute them, you probably have little with
which to concern yourself.

Kurt
-- 
Many a wife thinks her husband is the world's greatest lover.
But she can never catch him at it.
_______________________________________________
Linux-users mailing list
Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
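
Added example, not part of the original thread: the two configurations discussed above side by side, with the cgi-script handler scoped to the webcal directory instead of being enabled server-wide (a server-wide "AddHandler cgi-script .cgi" makes any .cgi file in any directory that has ExecCGI executable). The DirectoryIndex line and the Require line (Apache 2.4 syntax, constructed LAN range) are assumptions, not settings from the thread.

```apache
# Added example. Use Option A or Option B, not both.

# Option A: ScriptAlias, as suggested in the reply. Everything under the
# real directory is treated as a CGI script.
# ScriptAlias /calendar "/home/httpd/cgi-bin/webcal"

# Option B: plain Alias, with CGI execution enabled for this one
# directory only rather than for the whole server.
Alias /calendar "/home/httpd/cgi-bin/webcal"
<Directory "/home/httpd/cgi-bin/webcal">
    AllowOverride AuthConfig
    Options ExecCGI

    # Scoped handler: only .cgi files in this directory run as scripts.
    AddHandler cgi-script .cgi

    # Assumption: lets a request for <my_URL>/calendar/ run the
    # calendar selection script directly.
    DirectoryIndex webcal.cgi

    # Assumption: Apache 2.4 access-control syntax and a constructed
    # LAN range, so only internal clients can execute the scripts.
    Require ip 192.168.1.0/24
</Directory>
```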