On Wed, 29 Aug 2001 00:16:10 +1000, "Jason Brooke" <[EMAIL PROTECTED]> wrote:
>It will work in .htaccess if you enable it, or you might even be able to use
>something like:
><DirectoryMatch "^/path/to/.*/cgi">
>
>(untested again)
After testing this I see that:
Apache uses the IP address of the remote host to determine whether to
allow or deny access.
Even though PHP is running on localhost, and making a request via the
virtual() function, Apache still knows the IP address of the remote
host, and uses that.
So what happens is that denying "localhost" makes it impossible to run
the CGI at all, unless you are running lynx from a local shell. Not
exactly what I had in mind.
Unless there is some way that Apache can be tricked into believing a
request originates from the IP address of localhost, it appears that
allow/deny directives will not solve the problem of preventing direct
access to user CGIs.
It sounded like a good idea, though!
Egan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
