Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Frustrated with Apache

99 views
Skip to first unread message

buck

unread,
Apr 7, 2013, 8:58:42 PM4/7/13
to
Please help me make cgi-bin work. This is the standard Apache 2.4.3 from
SW-14.0.

'locate mod_cgi' returns:
/usr/lib/httpd/modules/mod_cgid.so
/usr/lib/httpd/modules/mod_cgi.so

grep 'modules/mod_cgi' /etc/httpd/httpd.conf returns:
#LoadModule cgid_module lib/httpd/modules/mod_cgid.so
LoadModule cgi_module lib/httpd/modules/mod_cgi.so

Here's (what is believed to be) the applicable portion of httpd.conf:
# directives as to Alias.
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>

<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule>

# "/srv/httpd/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/var/www/cgi-bin">
Options ExecCGI
Allow from all
</Directory>

The problem:
http://192.168.223.127/cgi-bin/cachemgr.cgi
run from the computer with ip 192.168.223.127 returns into error_log:
[Sun Apr 07 17:13:58.999403 2013] [authz_core:error] [pid 12752:tid
2999974720] [client 192.168.223.127:47975] AH01630: client denied by
server configuration: /var/www/cgi-bin/cachemgr.cgi

So what have I missed?
--
buck

buck

unread,
Apr 7, 2013, 10:02:26 PM4/7/13
to
buck <bu...@private.mil> wrote in news:kjt4o...@news6.newsguy.com:

> <Directory "/var/www/cgi-bin">
> Options ExecCGI
> Allow from all
> </Directory>

Replacing "Allow from all" with "Require all granted" has cgi-bin scripts
working, Now I just need to tighten up the access.

Note that "Require host 192.168.223.0/24" denies access, so if anyone knows
the correct syntax please jump in.
--
buck

Grant

unread,
Apr 7, 2013, 10:09:32 PM4/7/13
to
Closest I have (from apache 1.3!):
<Directory "/var/www/web">
Options Indexes Includes FollowSymLinks ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>

I let .cgi scripts run from anywhere, as they use a security wrapper to
hide actual script from Internet access.

Giovanni

unread,
Apr 8, 2013, 10:52:32 AM4/8/13
to
'Require host' directive requires a host name (or partial host name)
For an IP/mask use "Require ip"
Your example shoud became: "Require ip 192.168.223.0/24"

Ciao
Giovanni
--
A computer is like an air conditioner,
it stops working when you open Windows.
< http://giovanni.homelinux.net/ >

buck

unread,
Apr 9, 2013, 1:01:26 PM4/9/13
to
Giovanni <lso...@home.net.it> wrote in
news:kjuljg$s9o$1...@milena.home.net.it:

> On 04/08/2013 04:02 AM, buck wrote:
>> buck <bu...@private.mil> wrote in news:kjt4o...@news6.newsguy.com:
>
> 'Require host' directive requires a host name (or partial host name)
> For an IP/mask use "Require ip"
> Your example shoud became: "Require ip 192.168.223.0/24"
>
> Ciao
> Giovanni

Thanks! That let me find that Apache 2.4 authentication is completely
different from earlier versions. And that led me to find the correct
documentation.
--
buck
0 new messages