On Wed, 29 Aug 2001 02:14:10 +1000, "Jason Brooke" <[EMAIL PROTECTED]> wrote:
>Another way you might be able to do it is find an environment variable that
>is only present when the cgi's are executed by the virtual() call,
Could not find any ...
>use the apache SetEnvIf directive combined with <DirectoryMatch>
But that gave me an idea for a solution with .htaccess control, and
after some testing, I was able to work it out:
My document root .htaccess file includes:
SetEnvIf Request_URI "the_cgi_caller\.php$" CGI_REFERER=local
And my /cgi subdirectory .htaccess file includes:
Order Allow,Deny
Allow from env=CGI_REFERER
The environment variable CGI_REFERER does not exist unless Apache is
processing a request for "the_cgi_caller.php" in document root, and
thus requesting any file in the /cgi subdirectory via its URL results
in a HTTP Error 403 - Forbidden.
And since PHP virtual() causes Apache to execute a sub-request, the
environment variable CGI_REFERER *does* exist while the CGI is being
called via virtual() from "the_cgi_caller.php"
It will be simple to add SetEnvIf lines to .htaccess in document root,
one for each .php file which needs to call a CGI with virtual().
This is the solution I was looking for. Thanks for the ideas!
Egan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
