[Pkg-apache-commits] r1111 - in /trunk/apache2: README.Debian changelog
sf at alioth.debian.org
sf at alioth.debian.org
Sat Jan 2 17:12:35 UTC 2010
Author: sf
Date: Sat Jan 2 17:12:35 2010
New Revision: 1111
URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1111
Log:
Add hint README.Debian on how to pass auth info to CGI scripts.
Closes: #483219
Modified:
trunk/apache2/README.Debian
trunk/apache2/changelog
Modified: trunk/apache2/README.Debian
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/README.Debian?rev=1111&op=diff
==============================================================================
--- trunk/apache2/README.Debian (original)
+++ trunk/apache2/README.Debian Sat Jan 2 17:12:35 2010
@@ -327,3 +327,12 @@
Since 2.2.12, Apache is stricter about certain misconfigurations concerning
name based SSL virtual hosts. See NEWS.Debian.gz for more details.
+
+7) Apache does not pass Authorization header to CGI scripts
+
+This is intentional to avoid security holes. If you really want to change it,
+you can use mod_rewrite:
+
+ RewriteCond %{HTTP:Authorization} (.*)
+ RewriteRule . - [env=HTTP_AUTHORIZATION:%1]
+
Modified: trunk/apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/changelog?rev=1111&op=diff
==============================================================================
--- trunk/apache2/changelog (original)
+++ trunk/apache2/changelog Sat Jan 2 17:12:35 2010
@@ -4,6 +4,8 @@
to /etc/apache2/envvars on how to change the options for www-browser.
Closes: #561496, #272069
* Improve function to detect apache2 pid in init-script (closes: #562583).
+ * Add hint README.Debian on how to pass auth info to CGI scripts.
+ Closes: #483219
* Point to README.backtrace in apache2-dbg's description.
-- Stefan Fritsch <sf at debian.org> Sat, 02 Jan 2010 17:41:40 +0100
More information about the Pkg-apache-commits
mailing list