Re: Method not allowed OBSD

From: Henrik Lund Kramshøj (none@hlk--kramse.dk.lh.bsd-dk.dk)
Date: Tue 06 Jun 2006 - 19:01:28 CEST

Next message: Soeren Straarup: "Re: Backup - hvor svært kan det være"
Previous message: Peter I. Hansen: "Re: Method not allowed OBSD"
In reply to: Danjel Jungersen: "Method not allowed OBSD"
Next in thread: info@bsdconsult.dk: "Re: Method not allowed OBSD"
Reply: info@bsdconsult.dk: "Re: Method not allowed OBSD"
Reply: Michael Rasmussen: "Re: Method not allowed OBSD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

From: Henrik Lund Kramshøj <none@hlk--kramse.dk.lh.bsd-dk.dk>
Subject: Re: Method not allowed OBSD
Date: Tue, 6 Jun 2006 19:01:28 +0200
To: bsd-dk@bsd-dk.dk

On Jun 6, 2006, at 3:31 PM, Danjel Jungersen wrote:

> Hej Allesammen.
>
> Jeg sidder og kæmper med at få en formular til at virke, men får hele
> tiden flg. fejl:
>
> Method Not Allowed
> The requested method POST is not allowed for the URL /cgi-
> bin/FormMail.cgi.
>
> url til min formular er:
> http://www.printlight.dk/bestil.php
>
> Jeg har kopieret FormMail.pl ind i /var/www/cgi-bin
> Renamet det til FormMail.cgi (efter først at have prøvet ".pl")
> Indsat Alias /cgi-bin /var/www/cgi-bin i httpd.conf
>
> Lige meget hvad jeg prøver, bliver den ved med at komme med den
> nævnte fejl.
>
> Nogle ideer ?
httpd er default chroot'ed på OpenBSD

      By default, httpd will chroot(2) to the ``ServerRoot'' path,
serving doc-
      uments from the ``DocumentRoot'' path. As a result of the
default secure
      behaviour, httpd cannot access any objects outside
``ServerRoot'' - this
      security measure is taken in case httpd is compromised. This
is not
      without drawbacks, though:

      CGI programs may fail due to the limited environment available
inside
      this chroot space. ``UserDir'', of course, cannot access files
outside
      the directory space. Other modules will also have issues.
      ``DocumentRoot'' directories or any other files needed must be
inside
      ``ServerRoot''. For this to work, pathnames inside the
configuration
      file do not need adjustment relative to ``ServerRoot''. For
this option
      to remain secure, it is important that no files or directories
writable
      by user www or group www are created inside the ``ServerRoot''.
fra man-siden

Så
1) har du slået det fra?
2) hvis det er slået til, har du smidt alt der skal bruges for at
sende mail
ind i dit chroot? - dvs både Perl og alt muligt

Mvh

Henrik

--
Henrik Lund Kramshøj, cand.scient, CISSP
e-mail: hlk@security6.net, tlf: 2026 6000
www.security6.net - IPv6, sikkerhed, netværk
Follower of the Great Way of Unix

Next message: Soeren Straarup: "Re: Backup - hvor svært kan det være"
Previous message: Peter I. Hansen: "Re: Method not allowed OBSD"
In reply to: Danjel Jungersen: "Method not allowed OBSD"
Next in thread: info@bsdconsult.dk: "Re: Method not allowed OBSD"
Reply: info@bsdconsult.dk: "Re: Method not allowed OBSD"
Reply: Michael Rasmussen: "Re: Method not allowed OBSD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:25:00 CET