论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2007-03-21 16:15 |只看该作者 |倒序浏览

我已经把/var/www/cgi-bin/*都设成755权限了

在浏览器里面访问就是不行

error_log是
[Wed Mar 21 23:37:24 2007] [error] (2)No such file or directory: exec of /cgi-bin/printenv failed
[Wed Mar 21 23:37:24 2007] [error] [client 192.168.80.52] Premature end of script headers: /cgi-bin/printenv

httpd.conf
篇幅原因部分注释已删除

# $OpenBSD: httpd.conf,v 1.19 2006/02/22 15:07:12 henning Exp $
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#

### Section 1: Global Environment
#

ServerType standalone

ServerRoot "/var/www"

#LockFile logs/accept.lock

#
PidFile logs/httpd.pid
ScoreBoardFile logs/apache_runtime_status

#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
#
KeepAlive On

#
#
MaxKeepAliveRequests 100

#
#
KeepAliveTimeout 15

#
#
MinSpareServers 5
MaxSpareServers 10

#
#
StartServers 5

#
MaxClients 150

#
#
MaxRequestsPerChild 0

#
MaxCPUPerChild 0
MaxDATAPerChild 0
MaxNOFILEPerChild 0
MaxRSSPerChild 0
MaxSTACKPerChild 0

#
#Listen 3000
#Listen 12.34.56.78:80

#
#
#BindAddress *

#
#
# Example:
# LoadModule foo_module libexec/mod_foo.so

# "anonymous" user access to authenticated areas
# LoadModule anon_auth_module /usr/lib/apache/modules/mod_auth_anon.so

# user authentication using Berkeley DB files
# LoadModule db_auth_module /usr/lib/apache/modules/mod_auth_db.so

# user authentication using DBM files
# LoadModule dbm_auth_module /usr/lib/apache/modules/mod_auth_dbm.so

# authentication using new-style MD5 Digest Authentication (experimental)
# LoadModule digest_auth_module /usr/lib/apache/modules/mod_auth_digest.so

# CERN httpd metafile semantics
# LoadModule cern_meta_module /usr/lib/apache/modules/mod_cern_meta.so

# configuration defines ($xxx)
# LoadModule define_module /usr/lib/apache/modules/mod_define.so

# user authentication using old-style MD5 Digest Authentication
# LoadModule digest_module /usr/lib/apache/modules/mod_digest.so

# generation of Expires HTTP headers according to user-specified criteria
# LoadModule expires_module /usr/lib/apache/modules/mod_expires.so

# customization of HTTP response headers
# LoadModule headers_module /usr/lib/apache/modules/mod_headers.so

# comprehensive overview of the server configuration
# LoadModule info_module /usr/lib/apache/modules/mod_info.so

# logging of the client user agents (deprecated in favor of mod_log_config)
# LoadModule agent_log_module /usr/lib/apache/modules/mod_log_agent.so

# logging of referers (deprecated in favor of mod_log_config)
# LoadModule referer_log_module /usr/lib/apache/modules/mod_log_referer.so

# determining the MIME type of a file by looking at a few bytes of its contents
# LoadModule mime_magic_module /usr/lib/apache/modules/mod_mime_magic.so

# mmap()ing of a statically configured list of frequently requested but
# not changed files (experimental)
# LoadModule mmap_static_module /usr/lib/apache/modules/mod_mmap_static.so

# rule-based rewriting engine to rewrite requested URLs on the fly
# LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so

# attempt to correct misspellings of URLs that users might have entered
# LoadModule speling_module /usr/lib/apache/modules/mod_speling.so

# provides an environment variable with a unique identifier for each request
# LoadModule unique_id_module /usr/lib/apache/modules/mod_unique_id.so

# uses cookies to provide for a clickstream log of user activity on a site
# LoadModule usertrack_module /usr/lib/apache/modules/mod_usertrack.so

# dynamically configured mass virtual hosting
# LoadModule vhost_alias_module /usr/lib/apache/modules/mod_vhost_alias.so

# caching proxy
# LoadModule proxy_module /usr/lib/apache/modules/libproxy.so

#
#ExtendedStatus On

### Section 2: 'Main' server configuration
Port 80

##  SSL Support
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

#
User www
Group www

#
ServerAdmin you@your.address

#ServerName new.host.name

DocumentRoot "/var/www/htdocs"

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

<Directory "/var/www/htdocs">

Options Indexes FollowSymLinks

#
AllowOverride None

Order allow,deny
Allow from all
</Directory>

UserDir disabled

#
DirectoryIndex index.html

AccessFileName .htaccess

<Files .htaccess>
Order allow,deny
Deny from all
</Files>

UseCanonicalName On

TypesConfig conf/mime.types

DefaultType text/plain

<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>

HostnameLookups Off

ErrorLog logs/error_log

LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

CustomLog logs/access_log common
#CustomLog logs/access_log combined

ServerSignature On

Alias /icons/ "/var/www/icons/"

<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

<Directory "/var/www/htdocs/manual">
Options MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>

IndexOptions FancyIndexing

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

DefaultIcon /icons/unknown.gif

#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz

ReadmeName README
HeaderName HEADER

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddEncoding x-compress Z
AddEncoding x-gzip gz

AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it

#
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference.
#
LanguagePriority en fr de

#
# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
#
# For example, the PHP module (not part of the Apache distribution)
# will typically use:
#
#AddType application/x-httpd-php .php

#
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
#
# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.
#
# To use CGI scripts:
#
#AddHandler cgi-script .cgi

#
# To use server-parsed HTML files
#
#AddType text/html .shtml
#AddHandler server-parsed .shtml

#
# Uncomment the following line to enable Apache's send-asis HTTP file
# feature
#
#AddHandler send-as-is asis

#
# If you wish to use server-parsed imagemap files, use
#
#AddHandler imap-file map

#
# To enable type maps, you might want to use
#
#AddHandler type-map var

#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#

#
# MetaDir: specifies the name of the directory in which Apache can find
# meta information files. These files contain additional HTTP headers
# to include when sending the document
#
#MetaDir .web

#
# MetaSuffix: specifies the file name suffix for the file containing the
# meta information.
#
#MetaSuffix .meta

#
# Customizable error response (Apache style)
#  these come in three flavors
#
# 1) plain text
#ErrorDocument 500 "The server made a boo boo.
#  n.b.  the (") marks it as text, it does not get output
#
# 2) local redirects
#ErrorDocument 404 /missing.html
#  to redirect to local URL /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
#  N.B.: You can redirect to a script or a document using server-side-includes.
#
# 3) external redirects
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
#  N.B.: Many of the environment variables associated with the original
#  request will *not* be available to such a script.

#
# The following directives modify normal HTTP response behavior.
# The first directive disables keepalive for Netscape 2.x and browsers that
# spoof it. There are known problems with these browser implementations.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

#
# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.
#
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

#
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>

#
# Allow remote server configuration reports, with the URL of
#  http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>

#
# There have been reports of people trying to abuse an old bug from pre-1.1
# days.  This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging
# script on phf.apache.org.  Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.
#
#<Location /cgi-bin/phf*>
# Deny from all
# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#</Location>

#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
#<IfModule mod_proxy.c>
#ProxyRequests On
#
#<Directory proxy:*>
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Directory>

#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
#ProxyVia On

#
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
#CacheRoot "/var/www/proxy"
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a_domain.com another_domain.edu joes.garage_sale.com

#</IfModule>
# End of proxy directives.

### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them.
# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
# for further details before you try to setup virtual hosts.
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# If you want to use name-based virtual hosts you need to define at
# least one IP address (and port number) for them.
#
#NameVirtualHost 12.34.56.78:80
#NameVirtualHost 12.34.56.78

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
#
#<VirtualHost ip.address.of.host.some_domain.com>
# ServerAdmin webmaster@host.some_domain.com
# DocumentRoot /www/docs/host.some_domain.com
# ServerName host.some_domain.com
# ErrorLog logs/host.some_domain.com-error_log
# CustomLog logs/host.some_domain.com-access_log common
#</VirtualHost>

#<VirtualHost _default_:*>
#</VirtualHost>

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
# Some MIME-types for downloading Certificates and CRLs
#
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>

<IfModule mod_ssl.c>

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First either `none'
# or `dbm:/path/to/file' for the mechanism to use and
# second the expiring timeout (in seconds).
SSLSessionCache       dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex  sem

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512
SSLRandomSeed startup file:/dev/arandom  512

# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file.  Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
SSLLog    logs/ssl_engine_log
SSLLogLevel info

</IfModule>

<IfDefine SSL>

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

#  General setup for the virtual host
DocumentRoot /var/www/htdocs
ServerName new.host.name
ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

SSLCertificateFile /etc/ssl/server.crt

SSLCertificateKeyFile /etc/ssl/private/server.key

#SSLCACertificatePath /var/www/conf/ssl.crt
#SSLCACertificateFile /var/www/conf/ssl.crt/ca-bundle.crt

#SSLVerifyClient require
#SSLVerifyDepth  10

#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
#          and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#          and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#          and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#          and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20    ) \
#          or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

CustomLog logs/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

</IfDefine>