[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] prevent cgi-bin script execution prior to authorization dialog success

On Tue, Aug 14, 2018 at 9:33 PM Jason Pitt <jnpitt@xxxxxx> wrote:
> Hello-
> I'm having an issue with trying to configure apache that I'm hoping someone can help me address.  I have several scripts located in the cgi-bin that I want to control access to.   I'm able to either put an .htaccess file in the cgi-bin or modify the apache2.conf file to prompt for a username and password when the url to the cgi script is entered into a browser, however...the script executes and sends content to the browser window before the user enters anything into the authorization dialog...furthermore the user can just cancel the authorization dialog and can then interact with the cgi generated content...the only thing getting blocked by apache is access to actual files on the webserver.  How do I prevent this behavior?
It sounds like you may not be protecting the right
URL/files/directories. What's the relevant config and URL being
accessed? What does the access log say?

To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx