Is it possible to secure cgi in Apache v2.0.44 so that things like:
Code:
#!/bin/sh
echo Content-Type: text/plain
echo
cat /etc/passwd
simply don't work ?
I would like to restrict it to open only FILES IT OWNS and nothing else ... well the ideal situation would be setting a path on a virtual host basis where files could be accessed ... everything not being in that base path couldn't be accessed. Like path in the virtual host would be
/server/http/htdocs/www.example.com
and then files in the subpath of example.com can be accessed ... like for instance
/server/http/htdocs/www.example.com/example-dir/example-2ndsubdir/...
but files residing in
/server/http/htdocs/www.example.org
can't be accessed ...
Anybody has some kind of solution, hints, etc ?