[PHP] virtual() call to CGI script

I use the PHP virtual() function to call a CGI script, and that works fine. But I need to prevent the CGI from being executed directly, in case someone tries to access its URL. Since HTTP_REFERER is unreliable, I was wondering how others have solved this problem ... Egan -- PHP General

Re: [PHP] virtual() call to CGI script

On Tue, 28 Aug 2001 16:38:14 +1000, Jason Brooke [EMAIL PROTECTED] wrote: I use the PHP virtual() function to call a CGI script, and that works fine. But I need to prevent the CGI from being executed directly, in case someone tries to access its URL. Since HTTP_REFERER is unreliable, I was

Re: [PHP] virtual() call to CGI script

if you're using apache, something along the lines of the following untested directives should prevent anyone but the localhost (which is where your virtual() calls should be coming from) from accessing the cgi's via http Directory /path/to/usr/cgi order deny, allow deny from all allow from

Re: [PHP] virtual() call to CGI script

On Tue, 28 Aug 2001 23:38:30 +1000, Jason Brooke [EMAIL PROTECTED] wrote: if you're using apache, something along the lines of the following untested directives should prevent anyone but the localhost (which is where your virtual() calls should be coming from) from accessing the cgi's via http

Re: [PHP] virtual() call to CGI script

We don't define any virtual hosts in httpd.conf; instead, we use a custom handler hooked into post-read-request. So I won't be able to define /path/to/usr/cgi in httpd.conf. But if that concept will work in user .htaccess files, it would be an improvement over my current techniques. I'll

Re: [PHP] virtual() call to CGI script

On Wed, 29 Aug 2001 00:16:10 +1000, Jason Brooke [EMAIL PROTECTED] wrote: It will work in .htaccess if you enable it, or you might even be able to use something like: DirectoryMatch ^/path/to/.*/cgi (untested again) After testing this I see that: Apache uses the IP address of the remote host

Re: [PHP] virtual() call to CGI script

After testing this I see that: Apache uses the IP address of the remote host to determine whether to allow or deny access. Even though PHP is running on localhost, and making a request via the virtual() function, Apache still knows the IP address of the remote host, and uses that. I

Re: [PHP] virtual() call to CGI script

On Wed, 29 Aug 2001 02:14:10 +1000, Jason Brooke [EMAIL PROTECTED] wrote: Another way you might be able to do it is find an environment variable that is only present when the cgi's are executed by the virtual() call, Could not find any ... use the apache SetEnvIf directive combined with