# problem executing program in /home/*/public_html/cgi-bin

## duderonomy

I am running into a problem with an apache1 configuration which is 

slightly modified from the default. 

I get an error when attempting to run a program in the: 

"/home/*/public_html/cgi-bin" 

directory. 

I would be grateful to have some peers look at my configs which 

are pasted below (in full living length). 

As far as basic execute permissions go, for the purposes of this 

discussion, assume they are OK. I know I know... but I have verified 

the basics... For example, the files (printenv and test-cgi) can 

be executed in the main cgi directory at "/var/www/localhost/cgi-bin" 

however I am unable to get the same files to execute in the 

"/home/*/public_html/cgi-bin" directory. I can run those programs 

manually from the command line as user which is different than my 

own by su'ing to an alternate username/userid ... so there, from what

I can tell, there is no pathname-related permissions issue. 

I am guessing that the error in the "/var/log/apache/suexec_log" file is

my biggest clue-by-four.  :Smile: 

Server info:

```
Server Version: Apache/1.3.31 (Unix) (Gentoo/Linux) AxKit/1.61 mod_perl/1.27

```

/var/log/apache/error_log:

```
[Sat Nov 13 18:40:31 2004] [error] [client 192.168.1.102] Premature end of script headers: /home/dks/public_html/cgi-bin/test-script

```

/var/log/apache/suexec_log:

```

[2004-11-13 18:40:31]: info: (target/actual) uid: (dks/dks) gid: (mwi/mwi) cmd: printparams

[2004-11-13 18:40:31]: crit: cannot run as forbidden uid (501/printparams)

```

/etc/apache/apache.conf:

```
### /etc/apache/conf/apache.conf

### $Id: apache.conf,v 1.4 2004/04/04 17:59:30 zul Exp $

###

### Main Configuration Section

### You really shouldn't change these settings unless you're a guru

###

ServerType standalone

ServerRoot /etc/apache

#ServerName localhost

#LockFile /etc/httpd/httpd.lock

PidFile /var/run/apache.pid

ScoreBoardFile /etc/apache/apache.scoreboard

ErrorLog logs/error_log

LogLevel warn

ResourceConfig /dev/null

AccessConfig /dev/null

DocumentRoot /var/www/localhost/htdocs

### Dynamic Shared Object (DSO) Support

### 

###

LoadModule mmap_static_module modules/mod_mmap_static.so

LoadModule env_module         modules/mod_env.so

LoadModule config_log_module  modules/mod_log_config.so

LoadModule agent_log_module   modules/mod_log_agent.so

LoadModule referer_log_module modules/mod_log_referer.so

LoadModule mime_magic_module  modules/mod_mime_magic.so

LoadModule mime_module        modules/mod_mime.so

LoadModule negotiation_module modules/mod_negotiation.so

LoadModule status_module      modules/mod_status.so

LoadModule info_module        modules/mod_info.so

LoadModule includes_module    modules/mod_include.so

LoadModule autoindex_module   modules/mod_autoindex.so

LoadModule dir_module         modules/mod_dir.so

LoadModule cgi_module         modules/mod_cgi.so

LoadModule asis_module        modules/mod_asis.so

LoadModule imap_module        modules/mod_imap.so

LoadModule action_module      modules/mod_actions.so

LoadModule speling_module     modules/mod_speling.so

LoadModule userdir_module     modules/mod_userdir.so

LoadModule proxy_module       modules/libproxy.so

LoadModule alias_module       modules/mod_alias.so

LoadModule rewrite_module     modules/mod_rewrite.so

LoadModule access_module      modules/mod_access.so

LoadModule auth_module        modules/mod_auth.so

LoadModule anon_auth_module   modules/mod_auth_anon.so

LoadModule dbm_auth_module    modules/mod_auth_dbm.so

LoadModule db_auth_module     modules/mod_auth_db.so

LoadModule digest_module      modules/mod_digest.so

LoadModule cern_meta_module   modules/mod_cern_meta.so

LoadModule expires_module     modules/mod_expires.so

LoadModule headers_module     modules/mod_headers.so

LoadModule usertrack_module   modules/mod_usertrack.so

LoadModule example_module     modules/mod_example.so

LoadModule unique_id_module   modules/mod_unique_id.so

LoadModule setenvif_module    modules/mod_setenvif.so

<IfDefine PERL>

LoadModule perl_module    extramodules/libperl.so

</IfDefine>

LoadModule vhost_alias_module   modules/mod_vhost_alias.so

#  Reconstruction of the complete module list from all available modules

#  (static and shared ones) to achieve correct module execution order.

#  [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]

ClearModuleList

AddModule mod_mmap_static.c

AddModule mod_env.c

AddModule mod_log_config.c

AddModule mod_log_agent.c

AddModule mod_log_referer.c

AddModule mod_mime_magic.c

AddModule mod_mime.c

AddModule mod_negotiation.c

AddModule mod_status.c

AddModule mod_info.c

AddModule mod_include.c

AddModule mod_autoindex.c

AddModule mod_dir.c

AddModule mod_cgi.c

AddModule mod_asis.c

AddModule mod_imap.c

AddModule mod_actions.c

AddModule mod_speling.c

AddModule mod_userdir.c

AddModule mod_proxy.c

AddModule mod_alias.c

AddModule mod_rewrite.c

AddModule mod_access.c

AddModule mod_auth.c

AddModule mod_auth_anon.c

AddModule mod_auth_dbm.c

AddModule mod_auth_db.c

AddModule mod_digest.c

AddModule mod_cern_meta.c

AddModule mod_expires.c

AddModule mod_headers.c

AddModule mod_usertrack.c

AddModule mod_example.c

AddModule mod_unique_id.c

AddModule mod_so.c

AddModule mod_setenvif.c

<IfDefine PERL>

AddModule mod_perl.c

</IfDefine>

AddModule mod_vhost_alias.c

###

### Global Configuration

###

# Splitting up apache.conf into two files makes it possible to support

# multiple configurations on the same serer.  In commonapache.conf

# you keep directives that apply to all implementations and in this

# file you keep server-specific directives.  While we don't yet have

# multiple configurations out-of-the-box, this allows us to do that

# in the future easily.

Include conf/commonapache.conf

Include conf/axkit.conf

###

### IP Address/Port

###

#BindAddress *

Port 8633

Listen 8633

###

### Log configuration Section

###

# Single logfile with access, agent and referer information

# This is the default, if vlogs are not defined for the main server

CustomLog logs/access_log combined env=!VLOG

# If VLOG is defined in conf/vhosts/Vhosts.conf, we use this entry

#CustomLog "|/usr/sbin/apachesplitlogfile" vhost env=VLOG

###

### Virtual Hosts 

###

# We include different templates for Virtual Hosting. Have a look in the 

# vhosts directory and modify to suit your needs.

#Include conf/vhosts/Vhosts.conf

#Include conf/vhosts/DynamicVhosts.conf

#Include conf/vhosts/VirtualHomePages.conf

###

### Performance settings Section

###

#

# Timeout: The number of seconds before receives and sends time out.

#

Timeout 300

#

# KeepAlive: Whether or not to allow persistent connections (more than

# one request per connection). Set to "Off" to deactivate.

#

KeepAlive On

#

# MaxKeepAliveRequests: The maximum number of requests to allow

# during a persistent connection. Set to 0 to allow an unlimited amount.

# We recommend you leave this number high, for maximum performance.

#

MaxKeepAliveRequests 100

#

# KeepAliveTimeout: Number of seconds to wait for the next request from the

# same client on the same connection.

#

KeepAliveTimeout 15

#

# Server-pool size regulation.  Rather than making you guess how many

# server processes you need, Apache dynamically adapts to the load it

# sees --- that is, it tries to maintain enough server processes to

# handle the current load, plus a few spare servers to handle transient

# load spikes (e.g., multiple simultaneous requests from a single

# Netscape browser).

#

# It does this by periodically checking how many servers are waiting

# for a request.  If there are fewer than MinSpareServers, it creates

# a new spare.  If there are more than MaxSpareServers, some of the

# spares die off.  The default values are probably OK for most sites.

#

MinSpareServers 4

MaxSpareServers 10

#

# Number of servers to start initially --- should be a reasonable ballpark

# figure.

#

StartServers 4

#

# Limit on total number of servers running, i.e., limit on the number

# of clients who can simultaneously connect --- if this limit is ever

# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.

# It is intended mainly as a brake to keep a runaway server from taking

# the system with it as it spirals down...

#

MaxClients 150

#

# MaxRequestsPerChild: the number of requests each child process is

# allowed to process before the child dies.  The child will exit so

# as to avoid problems after prolonged use when Apache (and maybe the

# libraries it uses) leak memory or other resources.  On most systems, this

# isn't really needed, but a few (such as Solaris) do have notable leaks

# in the libraries. For these platforms, set to something like 10000

# or so; a setting of 0 means unlimited.

#

# NOTE: This value does not include keepalive requests after the initial

#       request per connection. For example, if a child process handles

#       an initial request and 10 subsequent "keptalive" requests, it

#       would only count as 1 request towards this limit.

#

MaxRequestsPerChild 500

# LimitRequestBody: This directvie specifies the number of bytes from 0 

# (meaning unlimited) to 2147483647 (2B) that are allows in a request body.

# The LimitRequestBody directive allows the user to set a limit on allowed

# size of an HTTP request message body within the context in which the

# directive is given ( server, per-directory, per-file, or per-location).

# If the client requests exceeds that limit, the server will return an 

# error response insteam of servicing the request. The size of a normal

# request message body will vary greatly depending on the nature of the resource# and the methods aloowed on the resource. 

#

# NOTE: If, for example, you are permitting file uploads to a particular

# location, and wich to limit the size of the upload to 100K, you might use the

# following directive: LimitRequestBody 102400

# Default: 524288

#LimitRequestBody 524288

```

/etc/apache/commonapache.conf:

```
### /etc/apache/conf/commonapache.conf

### $Id: commonapache.conf,v 1.7 2004/06/03 16:25:52 zul Exp $

###

### Common server configuration.

###

User apache

Group apache

#

# ServerAdmin: Your address, where problems with the server should be

# e-mailed.  This address appears on some server-generated pages, such

# as error documents.

#

ServerAdmin root@localhost

# DocumentRoot: The directory out of which you will serve your

# documents. By default, all requests are taken from this directory, but

# symbolic links and aliases may be used to point to other locations.

# DO NOT MODIFY THIS ONE, USE apache.conf.

#DocumentRoot /home/httpd/htdocs

#

# Each directory to which Apache has access, can be configured with respect

# to which services and features are allowed and/or disabled in that

# directory (and its subdirectories). 

#

# First, we configure the "default" to be a very restrictive set of 

# permissions.  

#

# Also, for security, we disable indexes globally

#

#<Directory />

#    Options -Indexes FollowSymLinks

#    AllowOverride None

#</Directory>

#Restricted set of options 

<Directory />

  Options -All -Multiviews FollowSymLinks

  AllowOverride None

  Order deny,allow

  Deny from all

</Directory>

#

# Note that from this point forward you must specifically allow

# particular features to be enabled - so if something's not working as

# you might expect, make sure that you have specifically enabled it

# below.

#

#

# UserDir: The name of the directory which is appended onto a user's home

# directory if a ~user request is received.

#

<IfModule mod_userdir.c>

    UserDir public_html

</IfModule>

    

#

# DirectoryIndex: Name of the file or files to use as a pre-written HTML

# directory index.  Separate multiple entries with spaces.

#

<IfModule mod_dir.c>

    DirectoryIndex index.html index.php index.shtml index.cgi index.pl

</IfModule>

#

# AccessFileName: The name of the file to look for in each directory

# for access control information.

#

AccessFileName .htaccess

#

# The following lines prevent .htaccess files from being viewed by

# Web clients.  Since .htaccess files often contain authorization

# information, access is disallowed for security reasons.  Comment

# these lines out if you want Web visitors to see the contents of

# .htaccess files.  If you change the AccessFileName directive above,

# be sure to make the corresponding changes here.

#

# Also, folks tend to use names such as .htpasswd for password

# files, so this will protect those as well.

#

<Files ~ "^\.ht">

    Order allow,deny

    Deny from all

</Files>

#

# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each

# document that was negotiated on the basis of content. This asks proxy

# servers not to cache the document. Uncommenting the following line disables

# this behavior, and proxies will be allowed to cache the documents.

#

#CacheNegotiatedDocs

#

# UseCanonicalName:  (new for 1.3)  With this setting turned on, whenever

# Apache needs to construct a self-referencing URL (a URL that refers back

# to the server the response is coming from) it will use ServerName and

# Port to form a "canonical" name.  With this setting off, Apache will

# use the hostname:port that the client supplied, when possible.  This

# also affects SERVER_NAME and SERVER_PORT in CGI scripts.

#

UseCanonicalName On

#

# TypesConfig describes where the mime.types file (or equivalent) is

# to be found.

#

<IfModule mod_mime.c>

    TypesConfig conf/mime.types

</IfModule>

#

# DefaultType is the default MIME type the server will use for a document

# if it cannot otherwise determine one, such as from filename extensions.

# If your server contains mostly text or HTML documents, "text/plain" is

# a good value.  If most of your content is binary, such as applications

# or images, you may want to use "application/octet-stream" instead to

# keep browsers from trying to display binary files as though they are

# text.

#

DefaultType text/plain

#

# The mod_mime_magic module allows the server to use various hints from the

# contents of the file itself to determine its type.  The MIMEMagicFile

# directive tells the module where the hint definitions are located.

# mod_mime_magic is not part of the default server (you have to add

# it yourself with a LoadModule [see the DSO paragraph in the 'Global

# Environment' section], or recompile the server and include mod_mime_magic

# as part of the configuration), so it's enclosed in an <IfModule> container.

# This means that the MIMEMagicFile directive will only be processed if the

# module is part of the server.

#

<IfModule mod_mime_magic.c>

    MIMEMagicFile conf/magic

</IfModule>

#

# HostnameLookups: Log the names of clients or just their IP addresses

# e.g., www.apache.org (on) or 204.62.129.132 (off).

# The default is off because it'd be overall better for the net if people

# had to knowingly turn this feature on, since enabling it means that

# each client request will result in AT LEAST one lookup request to the

# nameserver.

#

HostnameLookups Off

# The following directives define some format nicknames for use with

# a CustomLog directive (see below).

#

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

LogFormat "%h %l %u %t \"%r\" %>s %b" common

LogFormat "%{Referer}i -> %U" referer

LogFormat "%{User-agent}i" agent

LogFormat "%v %h %l %u %t \"%r\" %>s %b %T" script

LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" VLOG=%{VLOG}e" vhost

#

# The location and format of the access logfile (Common Logfile Format).

#CustomLog logs/access_log common

#

# If you would like to have agent and referer logfiles, uncomment the

# following directives.

#

#CustomLog logs/referer_log referer

#CustomLog logs/agent_log agent

#

# If you prefer a single logfile with access, agent, and referer information

# (Combined Logfile Format) you can use the following directive.

#

#CustomLog logs/access_log combined

#

# Optionally add a line containing the server version and virtual host

# name to server-generated pages (error documents, FTP directory listings,

# mod_status and mod_info output etc., but not CGI generated documents).

# Set to "EMail" to also include a mailto: link to the ServerAdmin.

# Set to one of:  On | Off | EMail

#

ServerSignature On

#

# Aliases: Add here as many aliases as you need (with no limit). The format is 

# Alias fakename realname

#

<IfModule mod_alias.c>

    #

    # Note that if you include a trailing / on fakename then the server will

    # require it to be present in the URL.  So "/icons" isn't aliased in this

    # example, only "/icons/"..

    #

    Alias /icons/ /var/www/localhost/icons/

    Alias /doc /usr/share/doc

    #

    # ScriptAlias: This controls which directories contain server scripts.

    # ScriptAliases are essentially the same as Aliases, except that

    # documents in the realname directory are treated as applications and

    # run by the server when requested rather than as documents sent to the client.

    # The same rules about trailing "/" apply to ScriptAlias directives as to

    # Alias.

    #

    ScriptAlias /cgi-bin/ /var/www/localhost/cgi-bin/

</IfModule>

# End of aliases.

#

# Redirect allows you to tell clients about documents which used to exist in

# your server's namespace, but do not anymore. This allows you to tell the

# clients where to look for the relocated document.

# Format: Redirect old-URI new-URL

#

#

# Directives controlling the display of server-generated directory listings.

#

<IfModule mod_autoindex.c>

    #

    # FancyIndexing is whether you want fancy directory indexing or standard

    #

    IndexOptions FancyIndexing

    #

    # AddIcon* directives tell the server which icon to show for different

    # files or filename extensions.  These are only displayed for

    # FancyIndexed directories.

    #

    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

    AddIconByType (TXT,/icons/text.gif) text/*

    AddIconByType (IMG,/icons/image2.gif) image/*

    AddIconByType (SND,/icons/sound2.gif) audio/*

    AddIconByType (VID,/icons/movie.gif) video/*

    AddIcon /icons/binary.gif .bin .exe

    AddIcon /icons/binhex.gif .hqx

    AddIcon /icons/tar.gif .tar

    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv

    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip .bz2

    AddIcon /icons/a.gif .ps .ai .eps

    AddIcon /icons/layout.gif .html .shtml .htm .pdf

    AddIcon /icons/text.gif .txt

    AddIcon /icons/c.gif .c

    AddIcon /icons/p.gif .pl .py .php .php3

    AddIcon /icons/f.gif .for

    AddIcon /icons/dvi.gif .dvi

    AddIcon /icons/uuencoded.gif .uu

    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl

    AddIcon /icons/tex.gif .tex

    AddIcon /icons/bomb.gif core

    AddIcon /icons/back.gif ..

    AddIcon /icons/hand.right.gif README

    AddIcon /icons/folder.gif ^^DIRECTORY^^

    AddIcon /icons/blank.gif ^^BLANKICON^^

    #

    # DefaultIcon is which icon to show for files which do not have an icon

    # explicitly set.

    #

    DefaultIcon /icons/unknown.gif

    #

    # AddDescription allows you to place a short description after a file in

    # server-generated indexes.  These are only displayed for FancyIndexed

    # directories.

    # Format: AddDescription "description" filename

    #

    #AddDescription "GZIP compressed document" .gz

    #AddDescription "tar archive" .tar

    #AddDescription "GZIP compressed tar archive" .tgz

    #

    # ReadmeName is the name of the README file the server will look for by

    # default, and append to directory listings.

    #

    # HeaderName is the name of a file which should be prepended to

    # directory indexes. 

    #

    # If MultiViews are amongst the Options in effect, the server will

    # first look for name.html and include it if found.  If name.html

    # doesn't exist, the server will then look for name.txt and include

    # it as plaintext if found.

    #

    ReadmeName README

    HeaderName HEADER

    #

    # IndexIgnore is a set of filenames which directory indexing should ignore

    # and not include in the listing.  Shell-style wildcarding is permitted.

    #

    IndexIgnore .??* *~ *# HEADER* RCS CVS *,v *,t

</IfModule>

# End of indexing directives.

#

# Document types.

#

<IfModule mod_mime.c>

    #

    # AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress

    # information on the fly. Note: Not all browsers support this.

    # Despite the name similarity, the following Add* directives have nothing

    # to do with the FancyIndexing customization directives above.

    #

    AddEncoding x-compress Z

    AddEncoding x-gzip gz tgz

    #

    # AddLanguage allows you to specify the language of a document. You can

    # then use content negotiation to give a browser a file in a language

    # it can understand.  

    #

    # Note 1: The suffix does not have to be the same as the language 

    # keyword --- those with documents in Polish (whose net-standard 

    # language code is pl) may wish to use "AddLanguage pl .po" to 

    # avoid the ambiguity with the common suffix for perl scripts.

    #

    # Note 2: The example entries below illustrate that in quite

    # some cases the two character 'Language' abbreviation is not

    # identical to the two character 'Country' code for its country,

    # E.g. 'Danmark/dk' versus 'Danish/da'.

    #

    # Note 3: In the case of 'ltz' we violate the RFC by using a three char 

    # specifier. But there is 'work in progress' to fix this and get 

    # the reference data for rfc1766 cleaned up.

    #

    # Danish (da) - Dutch (nl) - English (en) - Estonian (ee)

    # French (fr) - German (de) - Greek-Modern (el)

    # Italian (it) - Korean (kr) - Norwegian (no)

    # Portugese (pt) - Luxembourgeois* (ltz)

    # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)

    # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)

    # Russian (ru)

    #

    AddLanguage da .dk

    AddLanguage nl .nl

    AddLanguage en .en

    AddLanguage et .ee

    AddLanguage fr .fr

    AddLanguage de .de

    AddLanguage el .el

    AddLanguage he .he

    AddCharset ISO-8859-8 .iso8859-8

    AddLanguage it .it

    AddLanguage ja .ja

    AddCharset ISO-2022-JP .jis

    AddLanguage kr .kr

    AddCharset ISO-2022-KR .iso-kr

    AddLanguage no .no

    AddLanguage pl .po

    AddCharset ISO-8859-2 .iso-pl

    AddLanguage pt .pt

    AddLanguage pt-br .pt-br

    AddLanguage ltz .lu

    AddLanguage ca .ca

    AddLanguage es .es

    AddLanguage sv .se

    AddLanguage cz .cz

    AddLanguage ru .ru

    AddLanguage zh-tw .tw

    AddLanguage tw .tw

    AddCharset Big5         .Big5    .big5

    AddCharset WINDOWS-1251 .cp-1251

    AddCharset CP866        .cp866

    AddCharset ISO-8859-5   .iso-ru

    AddCharset KOI8-R       .koi8-r

    AddCharset UCS-2        .ucs2

    AddCharset UCS-4        .ucs4

    AddCharset UTF-8        .utf8

    # LanguagePriority allows you to give precedence to some languages

    # in case of a tie during content negotiation.

    #

    # Just list the languages in decreasing order of preference. We have

    # more or less alphabetized them here. You probably want to change this.

    #

    <IfModule mod_negotiation.c>

        LanguagePriority en fr de es it da nl et el ja kr no pl pt pt-br ru ltz ca sv tw

    </IfModule>

    AddType application/x-tar .tgz

    #

    # AddHandler allows you to map certain file extensions to "handlers",

    # actions unrelated to filetype. These can be either built into the server

    # or added with the Action command (see below)

    #

    # If you want to use server side includes, or CGI outside

    # ScriptAliased directories, uncomment the following lines.

    #

    # To use CGI scripts:

    #

    #AddHandler cgi-script .cgi

    #

    # To use server-parsed HTML files

    #

    #AddType text/html .shtml

    #AddHandler server-parsed .shtml

    #

    # Uncomment the following line to enable Apache's send-asis HTTP file

    # feature

    #

    #AddHandler send-as-is asis

    #

    # If you wish to use server-parsed imagemap files, use

    #

    AddHandler imap-file map

    #

    # To enable type maps, you might want to use

    #

    #AddHandler type-map var

</IfModule>

# End of document types.

#

# Action lets you define media types that will execute a script whenever

# a matching file is called. This eliminates the need for repeated URL

# pathnames for oft-used CGI file processors.

# Format: Action media/type /cgi-script/location

# Format: Action handler-name /cgi-script/location

#

#

# MetaDir: specifies the name of the directory in which Apache can find

# meta information files. These files contain additional HTTP headers

# to include when sending the document

#

#MetaDir .web

#

# MetaSuffix: specifies the file name suffix for the file containing the

# meta information.

#

#MetaSuffix .meta

#

# Customizable error response (Apache style)

#  these come in three flavors

#

#    1) plain text

#ErrorDocument 500 "The server made a boo boo.

#  n.b.  the single leading (") marks it as text, it does not get output

#

#    2) local redirects

#ErrorDocument 404 /missing.html

#  to redirect to local URL /missing.html

#ErrorDocument 404 /cgi-bin/missing_handler.pl

#  N.B.: You can redirect to a script or a document using server-side-includes.

#

#    3) external redirects

#ErrorDocument 402 http://some.other_server.com/subscription_info.html

#  N.B.: Many of the environment variables associated with the original

#  request will *not* be available to such a script.

<Location /manual>

Options Multiviews

ErrorDocument 404 "The document you requested has not been installed on your system."

</Location>

#

# Customize behaviour based on the browser

#

<IfModule mod_setenvif.c>

    #

    # The following directives modify normal HTTP response behavior.

    # The first directive disables keepalive for Netscape 2.x and browsers that

    # spoof it. There are known problems with these browser implementations.

    # The second directive is for Microsoft Internet Explorer 4.0b2

    # which has a broken HTTP/1.1 implementation and does not properly

    # support keepalive when it is used on 301 or 302 (redirect) responses.

    #

    BrowserMatch "Mozilla/2" nokeepalive

    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

    #

    # The following directive disables HTTP/1.1 responses to browsers which

    # are in violation of the HTTP/1.0 spec by not being able to grok a

    # basic 1.1 response.

    #

    BrowserMatch "RealPlayer 4\.0" force-response-1.0

    BrowserMatch "Java/1\.0" force-response-1.0

    BrowserMatch "JDK/1\.0" force-response-1.0

</IfModule>

# End of browser customization directives

#

# Allow server status reports, with the URL of http://servername/server-status

# Change the ".your_domain.com" to match your domain to enable.

#

<IfModule mod_status.c>

    <Location /server-status>

        SetHandler server-status

        Order deny,allow

        Deny from all

        allow from 192.168.1

        #allow from 127.0.0.1

        #Allow from .your_domain.com

    </Location>

#

# ExtendedStatus controls whether Apache will generate "full" status

# information (ExtendedStatus On) or just basic information (ExtendedStatus

# Off) when the "server-status" handler is called. The default is Off.

#

#ExtendedStatus On

</IfModule>

#

# Allow remote server configuration reports, with the URL of

# http://servername/server-info (requires that mod_info.c be loaded).

# Change the ".your_domain.com" to match your domain to enable.

#

<IfModule mod_info.c>

    <Location /server-info>

   SetHandler server-info

   Order deny,allow

   Deny from all

   Allow from 192.168.1

   #Allow from 127.0.0.1

   #Allow from .your_domain.com

    </Location>

</IfModule>

<IfModule mod_perl.c>

    <Location /perl-status>

   SetHandler perl-script

   PerlHandler Apache::Status

   Order deny,allow

   Deny from all

   Allow from 192.168.1

   #Allow from 127.0.0.1

   #Allow from .your_domain.com

    </Location>

</IfModule>

#

# There have been reports of people trying to abuse an old bug from pre-1.1

# days.  This bug involved a CGI script distributed as a part of Apache.

# By uncommenting these lines you can redirect these attacks to a logging 

# script on phf.apache.org.  Or, you can record them yourself, using the script

# support/phf_abuse_log.cgi.

#

#<Location /cgi-bin/phf*>

#    Deny from all

#    ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi

#</Location>

#

# Proxy Server directives. Uncomment the following lines to

# enable the proxy server:

#

#<IfModule mod_proxy.c>

#    ProxyRequests On

#    <Directory proxy:*>

#        Order deny,allow

#        Deny from all

#        Allow from .your_domain.com

#    </Directory>

    #

    # Enable/disable the handling of HTTP/1.1 "Via:" headers.

    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)

    # Set to one of: Off | On | Full | Block

    #

#    ProxyVia On

    #

    # To enable the cache as well, edit and uncomment the following lines:

    # (no cacheing without CacheRoot)

    #

#    CacheRoot /var/cache/apache

#    CacheSize 5

#    CacheGcInterval 4

#    CacheMaxExpire 24

#    CacheLastModifiedFactor 0.1

#    CacheDefaultExpire 1

#    NoCache a_domain.com another_domain.edu joes.garage_sale.com

#</IfModule>

# End of proxy directives.

<IfModule mod_dav.c>

     DavLockDB /var/lock/mod_dav

</IfModule>

<IfModule mod_include.c>

#    XBitHack on

</IfModule>

#

# This should be changed to whatever you set DocumentRoot to.

#

<Directory /var/www/localhost/htdocs>

    Options Indexes FollowSymLinks MultiViews

    AllowOverride All

    Order allow,deny

    Allow from all

</Directory>

<Directory /var/www/localhost/cgi-bin>

    AllowOverride All

    Options ExecCGI

    Order allow,deny

    Allow from all

</Directory>

#

# Control access to UserDir directories.  The following is an example

# for a site where these directories are restricted to read-only.

#

#<Directory /home/*/public_html>

#    AllowOverride FileInfo AuthConfig Limit

#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

#    <Limit GET POST OPTIONS PROPFIND>

#        Order allow,deny

#        Allow from all

#    </Limit>

#    <LimitExcept GET POST OPTIONS PROPFIND>

#        Order deny,allow

#        Deny from all

#    </LimitExcept>

#</Directory>

<Directory /home/*/public_html>

    AllowOverride All

    Options ExecCGI

    Order allow,deny

    Allow from all

</Directory>

<Directory /home/*/public_html/cgi-bin>

     AllowOverride All

     Options MultiViews +ExecCGI -Includes -Indexes FollowSymLinks

     SetHandler cgi-script

</Directory>

<IfModule mod_perl.c>

    <Directory /home/*/public_html/perl>

   SetHandler perl-script

   PerlHandler Apache::PerlRun

   Options -Indexes ExecCGI

   PerlSendHeader On

    </Directory>

</IfModule>

<Directory /var/www/localhost/icons>

    Options -Indexes MultiViews

    AllowOverride None

    Order allow,deny

    Allow from all

</Directory>

<Directory /usr/share/doc>

    Options Indexes FollowSymLinks MultiViews

    Order deny,allow

    Deny from all

    Allow from 127.0.0.1

</Directory>

<Location /index.shtml>

    Options +Includes

</Location>

#<IfModule mod_perl.c>

#    PerlModule Apache::Registry

#    

#    #set Apache::Registry Mode for /perl Alias

#    <Location /perl/*.pl>

#    or

#    <Location ~ "^/perl/*\.pl$>

#   SetHandler perl-script

#   PerlHandler Apache::Registry

#   Options -Indexes ExecCGI

#   PerlSendHeader On

#    </Location>

#

#    #set Apache::PerlRun Mode for /cgi-perl Alias

#    <Location /cgi-perl/*.pl>

#   SetHandler perl-script

#   PerlHandler Apache::PerlRun

#   Options -Indexes ExecCGI

#   PerlSendHeader On

#    </Location>

#</IfModule>

```

----------

## duderonomy

OK... the solution is simple enough... 

As it turns out, the Gentoo ebuild appears to have these options

specific in the configure command:

```

                --suexec-uidmin=1000 \

                --suexec-gidmin=100 \

```

Hence, I was hitting a little UID check. 

Solution I choose was to shift the numerical number of my users's UIDs

to a number above 1000...

Cheers,

D

PS: Still asking myself if the reward was the journey or my paycheck.

----------

## BlinkEye

i don't have the same problem but i want to achieve the same. whenever i trie to access a cgi-bin script with servername/cgi-bin/script.py i see in the apache error/access log it tries /var/www/localhost/cgi-bin/script.py insted of /home/username/public_html/cgi-bin/script.py. i set the virtual server as following:

```
<VirtualHost *:80>

ServerAdmin admin@servername

DocumentRoot /home/username/public_html

ServerName servername

ServerAlias *.servername

<Directory /home/username/public_html/cgi-bin>

    AllowOverride All

    Options ExecCGI MultiViews Indexes Includes FollowSymLinks

    <IfModule mod_access.c>

      Order allow,deny

      Allow from all

    </IfModule>

</Directory>
```

what am i missing?

----------

## duderonomy

Did you get this working? How about moving it to a different port (not 80)?

----------

## Selec

Try this add ScriptAlias 

```
<VirtualHost  0.0.0.0:80>

 DocumentRoot "/var/www/test/htdocs"

ServerAdmin my@web.com

ServerName test.server

 Options Indexes FollowSymLinks

ScriptAlias /cgi-bin/ /var/www/test/cgi-bin/

 <Directory "/var/www/test/htdocs">

 Options Indexes FollowSymLinks

AllowOverride None

 Order allow,deny

     Allow from all

          </Directory>

    <IfModule peruser.c>

      ServerEnvironment apache apache

      :MinSpareProcessors 4

      MaxProcessors 20

         </IfModule>

</VirtualHost>
```

 :Very Happy: 

----------

