From: Henrik Lund Kramshøj <none@hlk--kramse.dk.lh.bsd-dk.dk> Subject: Re: Method not allowed OBSD Date: Tue, 6 Jun 2006 19:01:28 +0200 To: bsd-dk@bsd-dk.dk
On Jun 6, 2006, at 3:31 PM, Danjel Jungersen wrote:
> Hej Allesammen.
>
> Jeg sidder og kæmper med at få en formular til at virke, men får hele
> tiden flg. fejl:
>
> Method Not Allowed
> The requested method POST is not allowed for the URL /cgi-
> bin/FormMail.cgi.
>
> url til min formular er:
> http://www.printlight.dk/bestil.php
>
> Jeg har kopieret FormMail.pl ind i /var/www/cgi-bin
> Renamet det til FormMail.cgi (efter først at have prøvet ".pl")
> Indsat Alias /cgi-bin /var/www/cgi-bin i httpd.conf
>
> Lige meget hvad jeg prøver, bliver den ved med at komme med den
> nævnte fejl.
>
> Nogle ideer ?
httpd er default chroot'ed på OpenBSD
By default, httpd will chroot(2) to the ``ServerRoot'' path,
serving doc-
uments from the ``DocumentRoot'' path. As a result of the
default secure
behaviour, httpd cannot access any objects outside
``ServerRoot'' - this
security measure is taken in case httpd is compromised. This
is not
without drawbacks, though:
CGI programs may fail due to the limited environment available
inside
this chroot space. ``UserDir'', of course, cannot access files
outside
the directory space. Other modules will also have issues.
``DocumentRoot'' directories or any other files needed must be
inside
``ServerRoot''. For this to work, pathnames inside the
configuration
file do not need adjustment relative to ``ServerRoot''. For
this option
to remain secure, it is important that no files or directories
writable
by user www or group www are created inside the ``ServerRoot''.
fra man-siden
Så
1) har du slået det fra?
2) hvis det er slået til, har du smidt alt der skal bruges for at
sende mail
ind i dit chroot? - dvs både Perl og alt muligt
Mvh
Henrik
-- Henrik Lund Kramshøj, cand.scient, CISSP e-mail: hlk@security6.net, tlf: 2026 6000 www.security6.net - IPv6, sikkerhed, netværk Follower of the Great Way of Unix
This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:25:00 CET