« Census Bureau | Main | No Red Wings hockey »

Mixing cgiwrap and htaccess

As part of my photo album, there's a control panel cgi that needs to be password-protected. But I still need to run it via cgiwrap, which is a problem, as the .htaccess file isn't applied.

Email tech support at Pair.

Reply 1:

To get around this, you can copy the cgiwrap file from :

/usr/www/cgi-bin/

You would want to place this file into a directory off of your cgi-bin
directory in your account, and then place the .htaccess file in this
directory with the username and password you want.

Problem: cgiwrap is non-readable suid root. I can't just copy it. Reply 2:

The only way this can be done is by creating a symbolic link to the
folder. In order to this type the following command

ln -s /usr/www/cgi-bin/ cgiwrap

within the '/usr/www/users/drissman/cgi-bin/photo/' folder.

OK, well, that allows me to get cgiwrap to play with htaccess. But that still doesn't prevent people from just using the system cgiwrap to bypass the htaccess. Reply 3:

You need to make sure to check the environment variables for your script
and if the 'REMOTE_USER' variable is not set, refuse the script to run.

Simple. If I knew Perl.

After about ten minutes of futzing around on the web and trying different stuff, I think I have it:

use CGI;
use File::Path; #for removing a directory tree
$cur = CGI->new();
$version = "4.0";
        
if(!$cur->remote_user){
        print "Content-type: text/plain", "\n\n";
        print "No access";
        exit;
}

require "../common.pl";

Yay.

Post a comment