[arch-general] community/NUT access cgi in /usr/share/nut/cgi without FollowSymLinks?
alucryd at archlinux.org
Fri Jun 5 09:04:39 UTC 2020
June 3, 2020 8:24 AM, "David C. Rankin" <drankinatty at suddenlinkmail.com
> All / Maxime,
> With the nut build option setting:
> --with-cgipath=/usr/share/nut/cgi \
> when using apache with the default /srv/http/cgi-bin location, how
> are you
> supposed to access the cgi files in /usr/share/nut/cgi "Safely"?
> I have the entire /usr/share/nut/html directory protected by a dbm
> file manipulated with dbmmanage, so to reach the <Directory> you must
> authenticate. That said, the only way I can make the cgi scripts work
> is by
> setting Options FollowSymLinks in the <Directory> for "/srv/http/cgi-
> after symlinking (e.g. ln -s /usr/share/nut/cgi /srv/http/cgi-
> Is this safe? Is this intended way to provide access to the cgi
> David C. Rankin, J.D.,P.E.
I haven't used apache in years so please take this with a grain of
salt. On nginx I'm using the alias directive, restricting access to
the upsset.cgi to my local network , as suggested by the nut
documentation in /etc/upsset.conf. It seems apache has a similar alias directive so you may be able to achieve the same without using any symlink .
More information about the arch-general