Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Disallow override globally forbidden perl, python scripts |
|
| Author |
|
postcd
Joined: 24 Sep 2017
Posts: 2
|
 Posted: Sun 24 Sep '17 23:33 Post subject: Disallow override globally forbidden perl, python scripts |
 |
|
Hello,
my aim is that Apache will not care about which handler is set in particular .htaccess files. for .cgi .pl .py
It will use global configuration which should be no perl, python, cgi scripts allowed to be run.
Please how can i do that?
# httpd -V
Server version: Apache/2.2.29 (Unix)
Server built: Jul 25 2015 22:21:53
Cpanel::Easy::Apache v3.30.3 rev9999
Server's Module Magic Number: 20051115:36
Server loaded: APR 1.5.1, APR-Util 1.5.4
Compiled using: APR 1.5.1, APR-Util 1.5.4
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses disabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/usr/local/apache"
-D SUEXEC_BIN="/usr/local/apache/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
# php -v
PHP 5.3.29 (cli) (built: Jul 25 2015 22:26:40)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2014 Zend Technologies
with XCache v3.2.0, Copyright (c) 2005-2014, by mOo
with the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured) v6.0.9, Copyright (c) 2002-2016, by ionCube Ltd.
with Zend Guard Loader v3.3, Copyright (c) 1998-2010, by Zend Technologies
with XCache Cacher v3.2.0, Copyright (c) 2005-2014, by mOo
with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH
# cat /etc/red*
CentOS release 6.9 (Final)
This is what is in the global Apache include file:
| Quote: | <Directory "/">
Options -ExecCGI -FollowSymLinks Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
AllowOverride All
</Directory>
<Directory "/usr/local/apache/htdocs">
Options IncludesNOEXEC Indexes -FollowSymLinks +SymLinksIfOwnerMatch -ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory> |
I am also having this enabled: https://documentation.cpanel.net/display/ALD/PHP+open_basedir+Tweak
Thank You |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Tue 31 Oct '17 19:07 Post subject: |
|
|
Thhe "MINUS"ExecCGI disables cgi in any form.
What do you mean by apache will not care about?
it is unclear to me if you want to run cgi programs or you don't. What are you trying to do? |
|
| Back to top |
|
postcd
Joined: 24 Sep 2017
Posts: 2
|
| Posted: Thu 09 Nov '17 15:27 Post subject: |
|
|
James Blond: i do not want to run it
i do not want apache to to allow overriding global configuration by directives set by particular users inside their .htaccess files. I am not talking just about cgi but also about perl and python scripts. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Fri 10 Nov '17 20:09 Post subject: |
|
|
Then do not use AllowOverride All
That way users cannot add this to their .htaccess files.
Options +ExecCGI
Instead, choose what you do want to allow, you can even allow specific options yet not ExecCGI.
See http://httpd.apache.org/docs/2.4/mod/core.html#allowoverride |
|
| Back to top |
|
|
|
|
|
|
