<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
-<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Win32 only<br />
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Win32 only;
option <code>Registry-Strict</code> is available in Apache 2.0 and
later</td></tr>
</table>
<p>This directive is used to control how Apache finds the
- interpreter used to run CGI scripts. The default technique is to
- use the interpreter pointed to by the <code>#!</code> line in the
- script.</p>
+ interpreter used to run CGI scripts. The default setting is
+ <code>Script</code>. This causes Apache to use the interpreter pointed to
+ by the shebang line (first line, starting with <code>#!</code>) in the
+ script. On Win32 systems this line usually looks like:</p>
+
+ <div class="example"><p><code>
+ #!C:/Perl/bin/perl.exe
+ </code></p></div>
+
+ <p>or, if perl is in <code>PATH</code>, simply:</p>
+
+ <div class="example"><p><code>
+ #!perl
+ </code></p></div>
<p>Setting <code>ScriptInterpreterSource Registry</code> will
- cause the Windows Registry to be searched using the script file
- extension (e.g., <code>.pl</code>) as a search key.</p>
+ cause the Windows Registry tree <code>HKEY_CLASSES_ROOT</code> to be
+ searched using the script file extension (e.g., <code>.pl</code>) as a
+ search key. The command defined by the registry subkey
+ <code>Shell\Open\Command</code> is used to open the script file. In absence
+ of the file extension key or the <code>Shell\Open\Command</code> subkey
+ Apache uses the <code>Script</code> option.</p>
+
+ <div class="warning"><h3>Security</h3>
+ <p>Be careful to use <code>ScriptInterpreterSource Registry</code> with
+ <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>'ed directories,
+ because Apache is trying to execute <strong>every</strong> file within
+ this directory. The <code>Registry</code> setting may cause undesired
+ program calls on files, which are usually not executed. For example, the
+ default open command on <code>.htm</code> files on most Windows systems is
+ executing the Microsoft Internet Explorer, so any HTTP request for an
+ <code>.htm</code> file existing within the script directory would start
+ the browser in background. This is an effective method to crash your
+ system within a minute or so.</p>
+ </div>
<p>The option <code>Registry-Strict</code> which is new in Apache 2.0
- does the same as <code>Registry</code> but uses a more strict registry
- search.</p>
+ does the same as <code>Registry</code> but uses the subkey
+ <code>Shell\ExecCGI\Command</code> instead. The <code>ExecCGI</code> key
+ is not a common one. It has to be configured manually and prevents your
+ system from accidental program calls.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<usage>
<p>This directive is used to control how Apache finds the
- interpreter used to run CGI scripts. The default technique is to
- use the interpreter pointed to by the <code>#!</code> line in the
- script.</p>
+ interpreter used to run CGI scripts. The default setting is
+ <code>Script</code>. This causes Apache to use the interpreter pointed to
+ by the shebang line (first line, starting with <code>#!</code>) in the
+ script. On Win32 systems this line usually looks like:</p>
+
+ <example>
+ #!C:/Perl/bin/perl.exe
+ </example>
+
+ <p>or, if perl is in <code>PATH</code>, simply:</p>
+
+ <example>
+ #!perl
+ </example>
<p>Setting <code>ScriptInterpreterSource Registry</code> will
- cause the Windows Registry to be searched using the script file
- extension (e.g., <code>.pl</code>) as a search key.</p>
+ cause the Windows Registry tree <code>HKEY_CLASSES_ROOT</code> to be
+ searched using the script file extension (e.g., <code>.pl</code>) as a
+ search key. The command defined by the registry subkey
+ <code>Shell\Open\Command</code> is used to open the script file. In absence
+ of the file extension key or the <code>Shell\Open\Command</code> subkey
+ Apache uses the <code>Script</code> option.</p>
+
+ <note type="warning"><title>Security</title>
+ <p>Be careful to use <code>ScriptInterpreterSource Registry</code> with
+ <directive module="mod_alias">ScriptAlias</directive>'ed directories,
+ because Apache is trying to execute <strong>every</strong> file within
+ this directory. The <code>Registry</code> setting may cause undesired
+ program calls on files, which are usually not executed. For example, the
+ default open command on <code>.htm</code> files on most Windows systems is
+ executing the Microsoft Internet Explorer, so any HTTP request for an
+ <code>.htm</code> file existing within the script directory would start
+ the browser in background. This is an effective method to crash your
+ system within a minute or so.</p>
+ </note>
<p>The option <code>Registry-Strict</code> which is new in Apache 2.0
- does the same as <code>Registry</code> but uses a more strict registry
- search.</p>
+ does the same as <code>Registry</code> but uses the subkey
+ <code>Shell\ExecCGI\Command</code> instead. The <code>ExecCGI</code> key
+ is not a common one. It has to be configured manually and prevents your
+ system from accidental program calls.</p>
</usage>
</directivesynopsis>
projects / apache / commitdiff