Mixing cgiwrap and htaccess
As part of my photo album, there's a control panel cgi that needs to be password-protected. But I still need to run it via cgiwrap, which is a problem, as the .htaccess file isn't applied.
Email tech support at Pair.
Reply 1:
To get around this, you can copy the cgiwrap file from :
/usr/www/cgi-bin/
You would want to place this file into a directory off of your cgi-bin
directory in your account, and then place the .htaccess file in this
directory with the username and password you want.
Problem: cgiwrap is non-readable suid root. I can't just copy it. Reply 2:
The only way this can be done is by creating a symbolic link to the
folder. In order to this type the following command
ln -s /usr/www/cgi-bin/ cgiwrap
within the '/usr/www/users/drissman/cgi-bin/photo/' folder.
OK, well, that allows me to get cgiwrap to play with htaccess. But that still doesn't prevent people from just using the system cgiwrap to bypass the htaccess. Reply 3:
You need to make sure to check the environment variables for your script
and if the 'REMOTE_USER' variable is not set, refuse the script to run.
Simple. If I knew Perl.
After about ten minutes of futzing around on the web and trying different stuff, I think I have it:
use CGI;
use File::Path; #for removing a directory tree
$cur = CGI->new();
$version = "4.0";
if(!$cur->remote_user){
print "Content-type: text/plain", "\n\n";
print "No access";
exit;
}
require "../common.pl";
Yay.