I have a text file "data.txt", and based on input to an html form I want to display a single line from that file. My result is delivered by a CGI script which needs to access data.txt, but I don't want a user to be able to type in "data.txt" into their web browser and see the whole file. Is there a simple way to make "data.txt" readable by the CGI script but not accessible by loading it with the browser?
I'm using standard apache on ubuntu. I believe the suexec module can do this, but I'm hoping for a simpler solution just using fancy permissions, chowns, etc. Thanks-
Store your datafile outside of the webserver filetree (for apache, check the DocumentRoot).
Related
I've got a little project that uses perl cgi scripts. At this moment I use Apache to run these scripts. I have an index.html file that redirects to a cgi file.
Now I want to make my project 'portable', which means that I want to be able to move the project to another location without the need to configure apache (so not changing the cgi-bin directory in the configuration). The end product would be a script (or html file) that could be opened so that a browser would pop up, just like it would run as it would be using Apache. I actually don't really know where to start.
It's not completely clear what you're asking. But I suspect you're about to find out why PSGI/Plack is such a good idea.
If you write your application to the PSGI interface then you'll be able to just drop it in to any PSGI-enabled web environment (or set up your own lightweight web server using something like Starman).
I'm writing an apache2 module
by default and when viewed in a web browser, the module would only print the first lines of a large file and convert them to HTML.
if the user choose to 'download as...', the whole raw file would be downloaded.
Is it possible to detect this choice on the server side ? (for example is there a specific http header set ?).
note: I would like to avoid any parameter in the GET url (e.g: "http://example.org/file?mode=raw" )
Pierre
added my own answer to close the question: as said #alexeyten there is no difference. I ended by a javascript code the alter the index.html file generated by apache.
I have an apache web server running on an AIX box that has Informix SE databases that I'd like to retrieve information from. I'd like to implement a web service that I can use internally and I can write a shell script that can interpret xml and return it with message data but can find no information on how to implement it in apache.
Should this be possible - without php or anything else like, just with ksh?
Thanks,
Brian.
Yes, you can implement a CGI with a very basic Apache configuration (see ScriptAlias in the default confiugration.
A minimal CGI shell script just needs to print a content-type header and followed by a blank line
The request body is available as stdin
Little executables and libraries exist to make CGI shell scripts easier to work with, but often they will not be needed. Plenty of examples for "CGI shell script" on any search engine.
I have a directory on my website specifically for javascript files, I want these javascript files to be hidden, so if I type the url to it it says Forbidden or disallows access, but my front-end website files can still access them to execute them when needed. Is there a way to do this through a FTP client?
Cheers,
Dan
You can't do this trough a ftp client. It is the task of your webserver to forbid access to certain files.
If you change permission, the webserver won't have access to them anymore, so this is not the way to go.
You must configure your webserver to restrict the access. If you're using Apache, you can use an .htaccess file. There's different ways of doing this, many depends on the way the webserver is configured.
The easiest is to put an .htaccess file in your Scripts folder which contain only this none line :
deny from all
However, like peeter said, there's a good chance this will break your site, since the browser must access theses files, so you can't restrict access.
Put a htaccess file in your scripts folder containing deny from all, but this will stop your pages from accessing the scripts also (though not if you pass them through the PHP engine first)
You're trying to hide JavaScript files that are executed on the clients side. If a client(browser) cannot access the files means non of your javascript code is executed.
If I understood your question correctly then you cannot achieve what you're trying to achieve.
I have our basic corporate static html website installed in our web root directory and our billing software installed in /portal. I have integrated the websites to look like a single site by including the /menu.tpl smarty template file in the /portal/header.tpl file. However, if I use relative URL's, the menu sysem doesnt work as the base url for the billing script is /portal. i.e. if I create a link to faq.php in the menu.tpl and I load a page on the portal site, the link in the menu back to the faq page is now /portal/faq.php whereby if I load a page off the root site the link is just /faq.php as it should be.
The obvious answer is to just use absolute URL's, but I need the site to be portable as I have many developers who need to install and test it.
I cant find anyway to resolve this. Any ideas?
I ran into the same problem as you a while ago, and after trying a lot of dead ends, I finally ended up with the following solution:
For any URL you need to be a chamelion, i.e. change its path depending on the environment, insert a PHP function that writes out the correct URL.
If you include the PHP function from a single central file, then you can change all of the URL's in the entire site automatically, based on a setting, or some pre-detected switch such as the current domain name, etc.
Example:
<?php print_base_url_plus("/menu.php"); ?>
... where print_base_url_plus() is a function which appends the base URL onto the output.
You may find that you have to change some of the URL's to be php, so they are preprocessed by the PHP engine, or, you can alter the web settings so that standard .htm files are piped through the PHP engine, just like .php files.