I use the PHP virtual() function to call a CGI script, and that works
fine. But I need to prevent the CGI from being executed directly, in
case someone tries to access its URL.
Since HTTP_REFERER is unreliable, I was wondering how others have
solved this problem ...
Egan
--
PHP General
On Tue, 28 Aug 2001 16:38:14 +1000, Jason Brooke [EMAIL PROTECTED] wrote:
I use the PHP virtual() function to call a CGI script, and that works
fine. But I need to prevent the CGI from being executed directly, in
case someone tries to access its URL.
Since HTTP_REFERER is unreliable, I was
if you're using apache, something along the lines of the following untested
directives should prevent anyone but the localhost (which is where your
virtual() calls should be coming from) from accessing the cgi's via http
Directory /path/to/usr/cgi
order deny, allow
deny from all
allow from
On Tue, 28 Aug 2001 23:38:30 +1000, Jason Brooke [EMAIL PROTECTED] wrote:
if you're using apache, something along the lines of the following untested
directives should prevent anyone but the localhost (which is where your
virtual() calls should be coming from) from accessing the cgi's via http
We don't define any virtual hosts in httpd.conf; instead, we use a
custom handler hooked into post-read-request. So I won't be able to
define /path/to/usr/cgi in httpd.conf.
But if that concept will work in user .htaccess files, it would be an
improvement over my current techniques. I'll
On Wed, 29 Aug 2001 00:16:10 +1000, Jason Brooke [EMAIL PROTECTED] wrote:
It will work in .htaccess if you enable it, or you might even be able to use
something like:
DirectoryMatch ^/path/to/.*/cgi
(untested again)
After testing this I see that:
Apache uses the IP address of the remote host
After testing this I see that:
Apache uses the IP address of the remote host to determine whether to
allow or deny access.
Even though PHP is running on localhost, and making a request via the
virtual() function, Apache still knows the IP address of the remote
host, and uses that.
I
On Wed, 29 Aug 2001 02:14:10 +1000, Jason Brooke [EMAIL PROTECTED] wrote:
Another way you might be able to do it is find an environment variable that
is only present when the cgi's are executed by the virtual() call,
Could not find any ...
use the apache SetEnvIf directive combined with
8 matches
Mail list logo