[arch-general] community/NUT access cgi in /usr/share/nut/cgi without FollowSymLinks?
David C. Rankin
drankinatty at suddenlinkmail.com
Sat Jun 6 08:33:57 UTC 2020
On 06/05/2020 04:04 AM, Maxime Gauduin via arch-general wrote:
>
> Hi David,
>
> I haven't used apache in years so please take this with a grain of
> salt. On nginx I'm using the alias directive, restricting access to
> the upsset.cgi to my local network [0], as suggested by the nut
> documentation in /etc/upsset.conf. It seems apache has a similar alias directive so you may be able to achieve the same without using any symlink [1].
>
> [0] https://paste.xinu.at/BNUJFeuBycXUw8fB/
> [1] https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias
>
> Cheers,
>
Thanks for the reply,
I already use the alias for the html directory, but the problem is with the
cgi scripts since the default cgi-bin directory is /srv/http/cgi-bin, you
cannot declare a second alias for cgi-bin to /usr/share/nut/cgi -- apache will
fail to start due to conflicting aliases.
Currently I have:
## nut directory
Alias /nut/ "/usr/share/nut/html/"
Alias /nut "/usr/share/nut/html/"
<Directory "/usr/share/nut/html">
...
<Directory "/usr/share/nut/cgi">
Options +ExecCGI
</Directory>
The problem is that the link in the nut files is hardwired to, e.g.:
http://yourdomain.tld/cgi-bin/nut/upsstats.cgi
so it looks for the cgi-bin directory off of the document root not under
/usr/share/nut/cgi and you can't alias to /cgi-bin/nut to /usr/share/nut/cgi
because /cgi-bin/nut will never match due to the default alias of /cgi-bin.
So it looks like the way I have it will have to work, otherwise we have to
hack the urls in the nut/html files to look for the cgi scripts in
/usr/share/nut/cgi instead of under /cgi-bin/nut
--
David C. Rankin, J.D.,P.E.
More information about the arch-general
mailing list