Use suexec to run user CGi scripts

[chef.git] / cookbooks / dev / templates / default / apache.user.erb

diff --git a/cookbooks/dev/templates/default/apache.user.erb b/cookbooks/dev/templates/default/apache.user.erb
index 11955a0bd026a6310a21e1481e6783b075cfc1c8..39f1cd60faa2f40b1c8db8f5e830de0fc8bc6c30 100644 (file)
--- a/cookbooks/dev/templates/default/apache.user.erb
+++ b/cookbooks/dev/templates/default/apache.user.erb
@@ -7,6 +7,9 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
        ServerAdmin webmaster@openstreetmap.org
        ServerAlias <%= @user %>.dev.osm.org
 
+       # Remove Proxy request header to mitigate https://httpoxy.org/
+       RequestHeader unset Proxy early
+
        UseCanonicalName Off
        DocumentRoot <%= @directory %>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
@@ -20,10 +23,7 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
        ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log
 
        RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-       RewriteRule ^/cgi-bin/(.*)$ /cgi-bin/cgiwrap/~<%= @user %>/cgi-bin/$1 [PT,L]
-
-       RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-       RewriteRule ^/cgi-bin-d/(.*)$ /cgi-bin/cgiwrapd/~<%= @user %>/cgi-bin/$1 [PT,L]
+       RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L]
 
        RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
        RewriteRule ^/(.*\.ph(p|ps|p3|tml)(/.*)?)$ fcgi://127.0.0.1:<%= @port %><%= @directory %>/$1 [P]
@@ -35,6 +35,12 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
        Require all granted
 </Directory>
 
+<Directory <%= @directory %>/cgi-bin>
+       SetHandler cgi-script
+       Options ExecCGI SymLinksIfOwnerMatch
+       Require all granted
+</Directory>
+
 <Directory <%= @directory %>/wsgi-bin>
        SetHandler wsgi-script
        Options ExecCGI SymLinksIfOwnerMatch