Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Server sending webbatch.exe instead of running it |
|
Author |
|
Rod
Joined: 03 Apr 2015 Posts: 8 Location: Toronto, Canada
|
Posted: Sun 05 Apr '15 18:35 Post subject: Server sending webbatch.exe instead of running it |
|
|
I have Apache 2.4.9 installed. This:
192.168.1.20/webcgi/webbatch.exe?webcgi/hello.web
represents my desire for the server to run webbatch.exe, using the hello.web script as data. But it's causing Apache to send webbatch.exe, not run it. I want Apache to run the .exe, not send it.
Both webbatch.exe and hello.web are in an aliased /webcgi/ folder, so Apache has access to both.
What config settings or directives are required to inhibit the send, and have Apache execute the .exe?
Rod |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Sun 05 Apr '15 19:51 Post subject: |
|
|
I would only do this for the webcgi aliased directory
AddHandler cgi-script .exe
If you have other (like .cgi, .pl) scripts in there also, add them as well
AddHandler cgi-script .cgi .exe .pl |
|
Back to top |
|
Rod
Joined: 03 Apr 2015 Posts: 8 Location: Toronto, Canada
|
Posted: Sun 05 Apr '15 21:37 Post subject: |
|
|
I greatly appreciate you trying to help me. Thank you. This is my webcgi.conf, in the form that invokes the unwanted open/send:
Code: | Alias /webcgi/ "H:/WEBCGI/"
<Directory "H:/WEBCGI/">
Options Indexes FollowSymLinks
AllowOverride none
# FORBIDDEN if not "Require all granted"
Require all granted
</Directory>
|
With the line you suggest added:
Code: | Alias /webcgi/ "H:/WEBCGI/"
<Directory "H:/WEBCGI/">
Options Indexes FollowSymLinks
AllowOverride none
# FORBIDDEN if not "Require all granted"
Require all granted
AddHandler cgi-script .cgi .exe
</Directory>
|
result is:
Forbidden
You don't have permission to access /webcgi/webbatch.exe on this server.
I'm new to Apache, so I don't understand why the Forbidden problem - which I resolved earlier with "Require all granted" - is now back. Why would AddHandler cause that? I get the same result, Forbidden, with:
Code: | AddHandler cgi-script .cgi .exe .web
|
and likewise, Forbidden, with AddHandler added outside <Directory>, like this:
Code: | </Directory>
AddHandler cgi-script .cgi .exe .web
|
What am I doing wrong? |
|
Back to top |
|
Rod
Joined: 03 Apr 2015 Posts: 8 Location: Toronto, Canada
|
Posted: Sun 05 Apr '15 21:47 Post subject: |
|
|
With
Options Indexes FollowSymLinks ExecCGI # (ExecCGI added)
I lose the Forbidden. But it puts me back to original problem: it tries to send me webbatch.exe. |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Sun 05 Apr '15 22:04 Post subject: |
|
|
I'm hoping you did not actually put that comment on the end of the Options line like shown and that was added only in your post for my benefit.
How about posting just that specific <Directory> container. I know using the AddHandler works, I use it myself for a compiled javascript to query a GeoIP database.
Code: | <Directory "/path/to/some/folder/geo">
Options Includes ExecCGI SymLinksIfOwnerMatch
AllowOverride FileInfo
# The below line is REQUIRED to run .exe as a cgi
AddHandler cgi-script .exe
Require all granted
</Directory>
|
|
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Sun 05 Apr '15 22:20 Post subject: |
|
|
Oh man, you had a post in there I went right by, with your config, looking now ...
Ok, that looks fine, anything strange in your error log on the subject?
I'm going to assume you restarted Apache each time you made changes.
Last edited by glsmith on Sun 05 Apr '15 22:49; edited 1 time in total |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Sun 05 Apr '15 22:32 Post subject: |
|
|
I should also mention a very overlooked but handy thing when working with cgi.
ScriptLog logs/script-error.log
The ScriptLog basically will echo all the cgi's STDERR output to the configured ScriptLog file, very useful more often than not.
syntax error at C:/Apache24/htdocs/index.cgi line 81, near "elsif {" |
|
Back to top |
|
Rod
Joined: 03 Apr 2015 Posts: 8 Location: Toronto, Canada
|
Posted: Sun 05 Apr '15 23:16 Post subject: |
|
|
glsmith wrote: | I'm hoping you did not actually put that comment on the end of the Options line like shown....
How about posting just that specific <Directory> container.
|
Yes, I have learned that end-of-line comments don't work.
Directory container...sorry, don't know what you mean by container. I haven't done that? My /webcgi/ folder is H:\WEBCGI. |
|
Back to top |
|
Rod
Joined: 03 Apr 2015 Posts: 8 Location: Toronto, Canada
|
Posted: Sun 05 Apr '15 23:58 Post subject: |
|
|
glsmith wrote: | anything strange in your error log on the subject?
I'm going to assume you restarted Apache each time you made changes. |
Yes, I restart Apache every time I change a config.
Hmmm. At some point, Webbatch popped up a message in Firefox: "There are 86 days remaining on your evaluation license." Taunt me, why not. But obviously it managed to talk to my web browser, somehow.
apache_error.log looks clean on start-up, except for some warnings:
[alias:warn] The Alias directive in H:/WAMPSERVER/alias/phpmyadmin.conf at line 1 will probably never match because it overlaps an earlier Alias.
[alias:warn] The Alias directive in H:/WAMPSERVER/alias/webcgi.conf at line 1 will probably never match because it overlaps an earlier Alias.
[alias:warn] The Alias directive in H:/WAMPSERVER/alias/phpmyadmin.conf at line 1 will probably never match because it overlaps an earlier Alias.
[alias:warn] The Alias directive in H:/WAMPSERVER/alias/webcgi.conf at line 1 will probably never match because it overlaps an earlier Alias.
The warnings that refer to webcgi.conf have me baffled, because there is no reference to webcgi in httpd.conf. So what could be causing the warnings? And...does a warning like that imply that webcgi.conf is being ignored, rather than being used to configure the server? |
|
Back to top |
|
Rod
Joined: 03 Apr 2015 Posts: 8 Location: Toronto, Canada
|
Posted: Mon 06 Apr '15 0:21 Post subject: |
|
|
Okay, I've managed to get rid of the warnings. I had
Include "H:/WAMPSERVER/alias/*"
at the end of my httpd.conf
I've commented that out, because it seems WampServer does the including for me.
So now it's a clean Apache start up, with no warnings, and my <Directory> looks like this:
Code: | <Directory "H:/WEBCGI/">
Options Includes ExecCGI SymLinksIfOwnerMatch
AddHandler cgi-script .exe
AllowOverride FileInfo
# echo all the cgi's STDERR output to the configured ScriptLog file
ScriptLog logs/script-error.log
# line below is REQUIRED to run .exe as a cgi
AddHandler cgi-script .exe
# line below is required, or FORBIDDEN
Require all granted
</Directory>
|
And now
192.168.1.20/webcgi/webbatch.exe?webcgi/hello.web
gives me
Not Found
The requested URL /webcgi/webbatch.exe was not found on this server.
That's progress, yes? |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Mon 06 Apr '15 0:59 Post subject: |
|
|
Rod wrote: | The warnings that refer to webcgi.conf have me baffled, because there is no reference to webcgi in httpd.conf. So what could be causing the warnings? And...does a warning like that imply that webcgi.conf is being ignored, rather than being used to configure the server? |
Remember that it doesn't necessarily have to be just in httpd.conf, there are other files that have Alias in them like httpd-autoindex and httpd-manual, two that I can think of off the top of my head. You are also Include(ing) files of your own. It could be due to the order of how you include these files. It's saying the same thing about phpmyadmin as well. Did you used to have these in one file and break into two and forget to remove the include for the original? It may also be in the way the config is merged, there is a whole section at the bottom of http://httpd.apache.org/docs/2.4/sections.html going into to those gory details.
I had this happen to me long long ago. I do not remember the specifics and about all I remember is I had to go through my conf files line by line more than once before it finally jumped out at me.
I do my Aliases inside the VirtualHost for the specific hostname I'm dealing with unless I do actually want them global (so very few).
As for the second part of your question, it's not completely ignoring it, but it sounds as if Alias/AliasMatch/ScriptAlias is going to jump on the first matching one it comes to. Many other directives can be overwritten by a similar later on in the config, evidently not these and they are of the same family. They each serve different purposes but you need to also think of them sort of as one.
Alias /something /path/to/something
ScriptAlias /something /path/to/something-else
The first will be the one used when I go to http://www.somesite.com/something |
|
Back to top |
|
Rod
Joined: 03 Apr 2015 Posts: 8 Location: Toronto, Canada
|
Posted: Mon 06 Apr '15 1:51 Post subject: |
|
|
In httpd.conf:
Code: | DocumentRoot "H:/WAMPSERVER/www/"
<Directory "H:/WAMPSERVER/www/">
Options Indexes FollowSymLinks
AllowOverride None
Allow from All
Require all granted
</Directory>
|
That folder is accessible.
In my HELLO link, 192.168.1.20/index.html
that index.html is stored in /www/.
It displays beautifully. Happy 'r' I.
In webcgi.conf:
Code: | Alias /webcgi/ "H:/WEBCGI/"
<Directory "H:/WEBCGI/">
Options Indexes FollowSymLinks
AllowOverride None
ScriptLog logs/script-error.log
AddHandler cgi-script .exe
Allow from All
Require all granted
</Directory>
|
My WEBCGI link, 192.168.1.20/webcgi/index.html
where index.html is stored in /webcgi/.
That link gives me N-N-N-Not Found.
So how are they different? Where is access being blocked, or not opened? I'm stumped.
My experience is mostly applications programming (C, PL/1, REXX, SQL, etc), not much web experience. I'm finding Apache disagreeably complex and frustrating, in terms of setting it up. Years ago, I set it up and got it working with Webbatch. Back then, I think it was only about two hours before I had it all figured out and running. In the intervening years, Apache has become a jungle of complexity. I believe in KISS, keep it simple. Otherwise a person starts to feel stupid. |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Mon 06 Apr '15 5:03 Post subject: |
|
|
I don't know. I hate to say this cause I do not want to sound like I'm rubbing it in but it was actually pretty easy. The one thing I did however was give it a VirtualHost and the Alias is in the VirtualHost. This shouldn't matter any though.
link removed
Code: | <VirtualHost *:88>
ServerName webbatch.linkpc.net
DocumentRoot "h:/home/webbatch/public_html"
<Directory "h:/home/webbatch/public_html">
Options SymLinksIfOwnerMatch
AllowOverride FileInfo
Require all granted
</Directory>
Alias /webcgi h:/webbatch
<Directory "h:/webbatch">
Options ExecCGI
AllowOverride FileInfo
AddHandler cgi-script .exe
Require all granted
</Directory>
# Deal with information disclosure vulnerability/(cough) feature
# CVE-2007-5011
<If "%{QUERY_STRING} =~ /dumpinputdata/">
# Restrict access to the local server itself
Require local
</If>
# Do not allow downloading the DLLs
<Files ~ "\.dll$">
Require all denied
</Files>
</VirtualHost> |
My only suggestion is you post the complete config at http://apaste.info/ and post the link to it here and let us have a look at it. I or someone may see something.
This WebBatch is quite spendy. To have an almost 8 year old information disclosure vulnerability (CVE-2007-5011) is rather disgusting. The least they could do is force authentication for ?dumpinputdata.
As far as Apache being much more complicated than before, I would not agree. All the things that were there in 1.3.0 are still here in 2.4. The difference is there is just a lot more (use it or not) but the Access and Authentication I admit has changed.
Last edited by glsmith on Mon 06 Apr '15 19:37; edited 1 time in total |
|
Back to top |
|
Rod
Joined: 03 Apr 2015 Posts: 8 Location: Toronto, Canada
|
Posted: Mon 06 Apr '15 7:31 Post subject: |
|
|
glsmith wrote: | I hate to say this...but it was actually pretty easy. |
Yeah, it's easy when you know what you're doing. You obviously do. LOL
I have managed to get Webbatch working!
I resolved the Forbidden and Not Found problems I was having by moving everything within the main folder, defined in httpd.conf, that had access. I may rearrange things later, now that I have basic grip on it. But at least now I can start working on the website instead of spinning my wheels.
And thanks to your very helpful suggestion (AddHandler), Webbatch runs now. I'm delighted.
I will look into the security issues you've referred to. Thank you for pointing me to them.
You're right, Webbatch is a bit pricy. But it will let me use their scripting language, Winbatch, which I'm extremely familiar with. I've used it for many years. I appreciate its clean and simple syntax, more than I do Javascript or PHP or any of the other popular scripting languages.
One really nice feature of Winbatch is it's an extremely extendable language. I can create my own compiled functions (in DLLs) and access them as part of the script. I've written hundreds of my own functions. In that way, it provides both the convenience and ease of scripting and the brute speed of C.
Years ago, I had probably the fastest music data site on the web. Enter the name of a song, it would shoot back up to 2,000 names of
albums that song appeared on, and it did so in generally less than 0.8 sec. That used Webbatch and Winbatch. Click on any album, you could see all the song titles on it. Or you could see all the albums done by a particular artist. I had a few million albums in the database. That was all it did. Just info. But I granted public access because it was very useful to me, for identifying MP3s. Many posters give only the track number and song title, but not the artist or album.
Then that drive failed. That ended that web offering. That was before I learned to back things up.
Thank you very much for your assistance! Much appreciated. Cheers.
Rod |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Mon 06 Apr '15 18:46 Post subject: |
|
|
Great, glad you got it sorted out! |
|
Back to top |
|
|
|
|
|
|