On Wed, 29 Aug 2001 02:14:10 +1000, "Jason Brooke" <[EMAIL PROTECTED]> wrote:

>Another way you might be able to do it is find an environment variable that
>is only present when the cgi's are executed by the virtual() call,

Could not find any ...

>use the apache SetEnvIf directive combined with <DirectoryMatch>

But that gave me an idea for a solution with .htaccess control, and
after some testing, I was able to work it out:

My document root .htaccess file includes:

  SetEnvIf Request_URI "the_cgi_caller\.php$" CGI_REFERER=local

And my /cgi subdirectory .htaccess file includes:

  Order Allow,Deny
  Allow from env=CGI_REFERER

The environment variable CGI_REFERER does not exist unless Apache is
processing a request for "the_cgi_caller.php" in document root, and
thus requesting any file in the /cgi subdirectory via its URL results
in a HTTP Error 403 - Forbidden.

And since PHP virtual() causes Apache to execute a sub-request, the
environment variable CGI_REFERER *does* exist while the CGI is being
called via virtual() from "the_cgi_caller.php"

It will be simple to add SetEnvIf lines to .htaccess in document root,
one for each .php file which needs to call a CGI with virtual().

This is the solution I was looking for.  Thanks for the ideas!


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to