Home » Apache » Apache 2, mod_perl 2 and security (Apache2::Const)

Apache 2, mod_perl 2 and security (Apache2::Const)

Problem:

I want to send a 404 (not found) error back to the browser when any ".*" or "*.mas" or "*handler" files are requested.  The example in the Mason book is for mod_perl v1 and so far, I haven’t been able to find a working example of how to send the 404 return code using Apache2::Const in an apache .conf file.

This wasn’t a small issue because it was a security hole that may have allowed for the viewing of the web page code and/or sensitive information.

Solution (/etc/httpd/conf.d/perl-HTML-Mason.conf):

<FilesMatch "(\.mas|handler)$">
    SetHandler perl-script
    PerlResponseHandler "sub { use Apache2::Const qw(NOT_FOUND); return NOT_FOUND }"
</FilesMatch>

<FilesMatch "^(\.)">
    SetHandler perl-script
    PerlResponseHandler "sub { use Apache2::Const qw(NOT_FOUND); return NOT_FOUND }"
</FilesMatch>

Notice that the Apache2::Const perl module is loaded in the anonymous subroutine and not preloaded.  Apparently mod_perl 2 doesn’t allow for Apache2::Const to be preloaded in the apache config file.

Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*

Facebook login by WP-FB-AutoConnect