I even tried curl with /../other.pl and /cgi-bin/../other.pl, and these still went through my_app.pl, so we're fine I think!
- Alex

On 20/11/18 8:11 a.m., Alexander Karelas wrote:
>
> Thanks to Dan Book, I searched a bit more. Plain ScriptAlias didn't do
> the trick, but ScriptAliasMatch worked beautifully on both CentOS and
> Ubuntu (provided you enable the cgi module of Apache, of course, which
> I hadn't done before, and mysteriously wasn't getting an error for
> unknown Apache directives):
>
> This apache config seems a lot simpler and more secure, I think,
> therefore better.
>
> <VirtualHost *:80>
>     ServerName apache-dev.lxd
>     DocumentRoot /opt/mysite/html
>
>     ScriptAliasMatch "^/cgi-bin/(.*)" "/opt/mysite/cgi-bin/my_app.pl/$1"
>
>     <Directory "/opt/mysite/html">
>         RewriteEngine On
>         RewriteBase /
>         RewriteRule (.*) /cgi-bin/$1 [L]
>         Require all granted
>     </Directory>
>
>     <Directory "/opt/mysite/cgi-bin">
>         Require all granted
>     </Directory>
> </VirtualHost>
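A simplified model of how the quoted configuration routes a request, added here as an example and not part of the original messages. It assumes the server collapses `..` segments before alias matching, and the plain `ScriptAlias "/cgi-bin/" "/opt/mysite/cgi-bin/"` it is compared against is a constructed form, not one quoted in the thread.

```python
import re

CGI_DIR = "/opt/mysite/cgi-bin"            # from the quoted config
APP = CGI_DIR + "/my_app.pl"               # from the quoted config
ALIAS_RE = re.compile(r"^/cgi-bin/(.*)")   # ScriptAliasMatch pattern

def collapse(path):
    """Resolve '.' and '..' segments without climbing above '/'
    (assumed to happen before alias matching)."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    uri = "/" + "/".join(out)
    return uri + "/" if out and path.endswith("/") else uri

def to_cgi_uri(request_path):
    """Collapse the path, then model RewriteRule (.*) /cgi-bin/$1, which
    applies to anything that lands under the DocumentRoot."""
    uri = collapse(request_path)
    if not uri.startswith("/cgi-bin/"):
        uri = "/cgi-bin/" + uri.lstrip("/")
    return uri

def route_pinned(request_path):
    """ScriptAliasMatch as quoted: the script is fixed and the rest of the
    URL only becomes PATH_INFO for my_app.pl."""
    rest = ALIAS_RE.match(to_cgi_uri(request_path)).group(1)
    return APP, "/" + rest

def route_plain(request_path):
    """Constructed comparison: a plain ScriptAlias lets the URL choose
    which file in cgi-bin runs (first segment assumed to be the script)."""
    rest = to_cgi_uri(request_path)[len("/cgi-bin/"):]
    script, _, info = rest.partition("/")
    return CGI_DIR + "/" + script, ("/" + info if info else "")

if __name__ == "__main__":
    # Constructed request paths, including the two tried with curl above.
    for p in ["/cgi-bin/users/42", "/../other.pl", "/cgi-bin/../other.pl"]:
        print(p, "pinned:", route_pinned(p), "plain:", route_plain(p))
```

In the pinned form the request only ever changes PATH_INFO, so whatever follows `/cgi-bin/` is untrusted route input to my_app.pl, not a choice of which script runs.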
