My last effort was a little too succinct and not quite precise

enough. Try being more explicit. This does leave the danger that people will clip the <Location> example as the proper way to do things, when they should be reading on to the <Directory> example. The <Location> example is only correct when used in conjunction with Alias. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@433021 13f79535-47bb-0310-9956-ffa450edef68
2026-01-06 09:01:14 +03:00 · 2006-08-20 19:46:24 +00:00
parent 51a32c4551
commit 53133772ac
2 changed files with 34 additions and 10 deletions
--- a/docs/manual/mod/mod_alias.html.en
+++ b/docs/manual/mod/mod_alias.html.en
@@ -366,15 +366,15 @@ target as a CGI script</td></tr>
    is essentially equivalent to:</p>
    <div class="example"><p><code>
      Alias /cgi-bin/ /web/cgi-bin/<br />
-      &lt;Directory /web/cgi-bin &gt;<br />
+      &lt;Location /cgi-bin &gt;<br />
      <span class="indent">
      SetHandler cgi-script<br />
      Options +ExecCGI<br />
      </span>
-      &lt;/Directory&gt;
+      &lt;/Location&gt;
    </code></p></div>

-    <div class="note">It is safer to avoid placing CGI scripts under the
+    <div class="warning">It is safer to avoid placing CGI scripts under the
    <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> in order to
    avoid accidentally revealing their source code if the
    configuration is ever changed.  The
@@ -382,8 +382,20 @@ target as a CGI script</td></tr>
    URL and designating CGI scripts at the same time.  If you do
    choose to place your CGI scripts in a directory already
    accessible from the web, do not use
-    <code class="directive">ScriptAlias</code>.  Instead, use <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>, <code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>, and <code class="directive"><a href="../mod/core.html#options">Options</a></code> as shown in the second example
-    above.</div>
+    <code class="directive">ScriptAlias</code>.  Instead, use <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>, <code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code>, and <code class="directive"><a href="../mod/core.html#options">Options</a></code> as in:
+    <div class="example"><p><code>
+      &lt;Directory /usr/local/apache2/htdocs/cgi-bin &gt;<br />
+      <span class="indent">
+      SetHandler cgi-script<br />
+      Options ExecCGI<br />
+      </span>
+      &lt;/Directory&gt;
+    </code></p></div>
+    This is necessary since multiple <var>URL-paths</var> can map
+    to the same filesystem location, potentially bypassing the
+    <code class="directive">ScriptAlias</code> and revealing the source code
+    of the CGI scripts if they are not restricted by a 
+    <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> section.</div>


 <h3>See also</h3>
--- a/docs/manual/mod/mod_alias.xml
+++ b/docs/manual/mod/mod_alias.xml
@@ -361,15 +361,15 @@ target as a CGI script</description>
    is essentially equivalent to:</p>
    <example>
      Alias /cgi-bin/ /web/cgi-bin/<br />
-      &lt;Directory /web/cgi-bin &gt;<br />
+      &lt;Location /cgi-bin &gt;<br />
      <indent>
      SetHandler cgi-script<br />
      Options +ExecCGI<br />
      </indent>
-      &lt;/Directory&gt;
+      &lt;/Location&gt;
    </example>

-    <note>It is safer to avoid placing CGI scripts under the
+    <note type="warning">It is safer to avoid placing CGI scripts under the
    <directive module="core">DocumentRoot</directive> in order to
    avoid accidentally revealing their source code if the
    configuration is ever changed.  The
@@ -380,8 +380,20 @@ target as a CGI script</description>
    <directive>ScriptAlias</directive>.  Instead, use <directive
    module="core" type="section">Directory</directive>, <directive
    module="core">SetHandler</directive>, and <directive
-    module="core">Options</directive> as shown in the second example
-    above.</note>
+    module="core">Options</directive> as in:
+    <example>
+      &lt;Directory /usr/local/apache2/htdocs/cgi-bin &gt;<br />
+      <indent>
+      SetHandler cgi-script<br />
+      Options ExecCGI<br />
+      </indent>
+      &lt;/Directory&gt;
+    </example>
+    This is necessary since multiple <var>URL-paths</var> can map
+    to the same filesystem location, potentially bypassing the
+    <directive>ScriptAlias</directive> and revealing the source code
+    of the CGI scripts if they are not restricted by a 
+    <directive module="core">Directory</directive> section.</note>

 </usage>
 <seealso><a href="../howto/cgi.html">CGI Tutorial</a></seealso>