On Wed, Aug 15, 2018 at 5:53 PM Jason Pitt <[email protected]> wrote: > > Ok I have a work around but I'm really unhappy with it and I'd like it if > someone can verify for me that I'm not doing something wrong before I change > my whole code base to deal with the cgi scripts not being present in the > apache default cgi-bin (on my system /usr/lib/cgi-bin). So when a client > requests a file from the cgi-bin Apache seems to execute it before asking for > Basic Authorization. However if I take the exact same apache2.config block, > change the directory to something somewhere else, in this case /var/www/html, > add +ExecCGI and a handler for .cgi files...Apache has the behavior I'd > expect. It asks for authorization, then executes the .cgi file. Why on > earth can't I just do that for the default cgi-bin??? > > so this works: > <Directory /var/www/html> > Options Indexes FollowSymLinks ExecCGI > AddHandler cgi-script .cgi > AllowOverride None > AuthUserFile /home/jpitt/wormbot/passwords > AuthType Basic > AuthName "Kaebot" > Require valid-user > </Directory> > > this asks for a password but executes the script regardless of user input > <Directory /usr/lib/cgi-bin> > Options Indexes FollowSymLinks ExecCGI > AddHandler cgi-script .cgi > AllowOverride None > AuthUserFile /home/jpitt/wormbot/passwords > AuthType Basic > AuthName "Kaebot" > Require valid-user > </Directory>
Maybe there is some other overlapping configuration section? --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
