[arch-general] community/NUT access cgi in /usr/share/nut/cgi without FollowSymLinks?
All / Maxime, With the nut build option setting: --with-cgipath=/usr/share/nut/cgi \ when using apache with the default /srv/http/cgi-bin location, how are you supposed to access the cgi files in /usr/share/nut/cgi "Safely"? I have the entire /usr/share/nut/html directory protected by a dbm database file manipulated with dbmmanage, so to reach the <Directory> you must authenticate. That said, the only way I can make the cgi scripts work is by setting Options FollowSymLinks in the <Directory> for "/srv/http/cgi-bin" after symlinking (e.g. ln -s /usr/share/nut/cgi /srv/http/cgi-bin/nut) Is this safe? Is this intended way to provide access to the cgi scripts? -- David C. Rankin, J.D.,P.E.
June 3, 2020 8:24 AM, "David C. Rankin" wrote: All / Maxime, With the nut build option setting: --with-cgipath=/usr/share/nut/cgi \ when using apache with the default /srv/http/cgi-bin location, how
are you
supposed to access the cgi files in /usr/share/nut/cgi "Safely"? I have the entire /usr/share/nut/html directory protected by a dbm
database
file manipulated with dbmmanage, so to reach the <Directory> you must
authenticate. That said, the only way I can make the cgi scripts work
is by
setting Options FollowSymLinks in the <Directory> for "/srv/http/cgi-
bin"
after symlinking (e.g. ln -s /usr/share/nut/cgi /srv/http/cgi-
bin/nut) Is this safe? Is this intended way to provide access to the cgi
scripts? --
David C. Rankin, J.D.,P.E. Hi David,
I haven't used apache in years so please take this with a grain of
salt. On nginx I'm using the alias directive, restricting access to
the upsset.cgi to my local network [0], as suggested by the nut
documentation in /etc/upsset.conf. It seems apache has a similar alias directive so you may be able to achieve the same without using any symlink [1].
[0] https://paste.xinu.at/BNUJFeuBycXUw8fB/
[1] https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias
Cheers,
--
Maxime
On 06/05/2020 04:04 AM, Maxime Gauduin via arch-general wrote:
Hi David,
I haven't used apache in years so please take this with a grain of salt. On nginx I'm using the alias directive, restricting access to the upsset.cgi to my local network [0], as suggested by the nut documentation in /etc/upsset.conf. It seems apache has a similar alias directive so you may be able to achieve the same without using any symlink [1].
[0] https://paste.xinu.at/BNUJFeuBycXUw8fB/ [1] https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias
Cheers,
Thanks for the reply,
I already use the alias for the html directory, but the problem is with the
cgi scripts since the default cgi-bin directory is /srv/http/cgi-bin, you
cannot declare a second alias for cgi-bin to /usr/share/nut/cgi -- apache will
fail to start due to conflicting aliases.
Currently I have:
## nut directory
Alias /nut/ "/usr/share/nut/html/"
Alias /nut "/usr/share/nut/html/"
Hello David,
On 6 Jun 2020 10:33 a.m., "David C. Rankin"
Hi David,
I haven't used apache in years so please take this with a grain of salt. On nginx I'm using the alias directive, restricting access to the upsset.cgi to my local network [0], as suggested by the nut documentation in /etc/upsset.conf. It seems apache has a similar alias
directive so you may be able to achieve the same without using any symlink [1].
[0] https://paste.xinu.at/BNUJFeuBycXUw8fB/ [1] https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias
Cheers,
Thanks for the reply,
I already use the alias for the html directory, but the problem is with
the
cgi scripts since the default cgi-bin directory is /srv/http/cgi-bin, you
cannot declare a second alias for cgi-bin to /usr/share/nut/cgi -- apache
will
fail to start due to conflicting aliases.
That would work with location statements in nginx. You can use more than
one per path and the best fitting one will be used. Perhaps you could
switch over to nginx and/or reverse proxy to your Apache if you need it for
some paths?
Currently I have:
## nut directory
Alias /nut/ "/usr/share/nut/html/"
Alias /nut "/usr/share/nut/html/"
participants (3)
-
David C. Rankin
-
Maxime Gauduin
-
NTS