logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Other Software View previous topic :: View next topic
Reply to topic   Topic: Server sending webbatch.exe instead of running it
Author
Rod



Joined: 03 Apr 2015
Posts: 8
Location: Toronto, Canada

PostPosted: Sun 05 Apr '15 18:35    Post subject: Server sending webbatch.exe instead of running it Reply with quote

I have Apache 2.4.9 installed. This:

192.168.1.20/webcgi/webbatch.exe?webcgi/hello.web

represents my desire for the server to run webbatch.exe, using the hello.web script as data. But it's causing Apache to send webbatch.exe, not run it. I want Apache to run the .exe, not send it.

Both webbatch.exe and hello.web are in an aliased /webcgi/ folder, so Apache has access to both.

What config settings or directives are required to inhibit the send, and have Apache execute the .exe?

Rod
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Sun 05 Apr '15 19:51    Post subject: Reply with quote

I would only do this for the webcgi aliased directory

AddHandler cgi-script .exe

If you have other (like .cgi, .pl) scripts in there also, add them as well

AddHandler cgi-script .cgi .exe .pl
Back to top
Rod



Joined: 03 Apr 2015
Posts: 8
Location: Toronto, Canada

PostPosted: Sun 05 Apr '15 21:37    Post subject: Reply with quote

I greatly appreciate you trying to help me. Thank you. This is my webcgi.conf, in the form that invokes the unwanted open/send:
Code:
Alias /webcgi/ "H:/WEBCGI/"
<Directory "H:/WEBCGI/">
   Options Indexes FollowSymLinks
   AllowOverride none
   # FORBIDDEN if not "Require all granted"
   Require all granted
</Directory>


With the line you suggest added:
Code:
Alias /webcgi/ "H:/WEBCGI/"
<Directory "H:/WEBCGI/">
   Options Indexes FollowSymLinks
   AllowOverride none
   # FORBIDDEN if not "Require all granted"
   Require all granted
   AddHandler cgi-script .cgi .exe
</Directory>

result is:
Forbidden
You don't have permission to access /webcgi/webbatch.exe on this server.

I'm new to Apache, so I don't understand why the Forbidden problem - which I resolved earlier with "Require all granted" - is now back. Why would AddHandler cause that? I get the same result, Forbidden, with:
Code:
AddHandler cgi-script .cgi .exe .web

and likewise, Forbidden, with AddHandler added outside <Directory>, like this:
Code:
</Directory>
AddHandler cgi-script .cgi .exe .web


What am I doing wrong?
Back to top
Rod



Joined: 03 Apr 2015
Posts: 8
Location: Toronto, Canada

PostPosted: Sun 05 Apr '15 21:47    Post subject: Reply with quote

With
Options Indexes FollowSymLinks ExecCGI # (ExecCGI added)
I lose the Forbidden. But it puts me back to original problem: it tries to send me webbatch.exe.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Sun 05 Apr '15 22:04    Post subject: Reply with quote

I'm hoping you did not actually put that comment on the end of the Options line like shown and that was added only in your post for my benefit.

How about posting just that specific <Directory> container. I know using the AddHandler works, I use it myself for a compiled javascript to query a GeoIP database.

Code:
<Directory "/path/to/some/folder/geo">
  Options Includes ExecCGI SymLinksIfOwnerMatch
  AllowOverride FileInfo
  # The below line is REQUIRED to run .exe as a cgi
  AddHandler cgi-script .exe
  Require all granted
</Directory>
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Sun 05 Apr '15 22:20    Post subject: Reply with quote

Oh man, you had a post in there I went right by, with your config, looking now ...

Ok, that looks fine, anything strange in your error log on the subject?

I'm going to assume you restarted Apache each time you made changes.


Last edited by glsmith on Sun 05 Apr '15 22:49; edited 1 time in total
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Sun 05 Apr '15 22:32    Post subject: Reply with quote

I should also mention a very overlooked but handy thing when working with cgi.

ScriptLog logs/script-error.log

The ScriptLog basically will echo all the cgi's STDERR output to the configured ScriptLog file, very useful more often than not.

syntax error at C:/Apache24/htdocs/index.cgi line 81, near "elsif {"
Back to top
Rod



Joined: 03 Apr 2015
Posts: 8
Location: Toronto, Canada

PostPosted: Sun 05 Apr '15 23:16    Post subject: Reply with quote

glsmith wrote:
I'm hoping you did not actually put that comment on the end of the Options line like shown....
How about posting just that specific <Directory> container.

Yes, I have learned that end-of-line comments don't work. Smile
Directory container...sorry, don't know what you mean by container. I haven't done that? My /webcgi/ folder is H:\WEBCGI.
Back to top
Rod



Joined: 03 Apr 2015
Posts: 8
Location: Toronto, Canada

PostPosted: Sun 05 Apr '15 23:58    Post subject: Reply with quote

glsmith wrote:
anything strange in your error log on the subject?
I'm going to assume you restarted Apache each time you made changes.

Yes, I restart Apache every time I change a config.

Hmmm. At some point, Webbatch popped up a message in Firefox: "There are 86 days remaining on your evaluation license." Taunt me, why not. But obviously it managed to talk to my web browser, somehow.

apache_error.log looks clean on start-up, except for some warnings:

[alias:warn] The Alias directive in H:/WAMPSERVER/alias/phpmyadmin.conf at line 1 will probably never match because it overlaps an earlier Alias.
[alias:warn] The Alias directive in H:/WAMPSERVER/alias/webcgi.conf at line 1 will probably never match because it overlaps an earlier Alias.
[alias:warn] The Alias directive in H:/WAMPSERVER/alias/phpmyadmin.conf at line 1 will probably never match because it overlaps an earlier Alias.
[alias:warn] The Alias directive in H:/WAMPSERVER/alias/webcgi.conf at line 1 will probably never match because it overlaps an earlier Alias.

The warnings that refer to webcgi.conf have me baffled, because there is no reference to webcgi in httpd.conf. So what could be causing the warnings? And...does a warning like that imply that webcgi.conf is being ignored, rather than being used to configure the server?
Back to top
Rod



Joined: 03 Apr 2015
Posts: 8
Location: Toronto, Canada

PostPosted: Mon 06 Apr '15 0:21    Post subject: Reply with quote

Okay, I've managed to get rid of the warnings. I had
Include "H:/WAMPSERVER/alias/*"
at the end of my httpd.conf
I've commented that out, because it seems WampServer does the including for me.

So now it's a clean Apache start up, with no warnings, and my <Directory> looks like this:
Code:
<Directory "H:/WEBCGI/">
   Options Includes ExecCGI SymLinksIfOwnerMatch
   AddHandler cgi-script .exe
   AllowOverride FileInfo
   # echo all the cgi's STDERR output to the configured ScriptLog file
   ScriptLog logs/script-error.log
   # line below is REQUIRED to run .exe as a cgi
   AddHandler cgi-script .exe
   # line below is required, or FORBIDDEN
   Require all granted
</Directory>

And now
192.168.1.20/webcgi/webbatch.exe?webcgi/hello.web
gives me
Not Found
The requested URL /webcgi/webbatch.exe was not found on this server.

That's progress, yes? Smile
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Mon 06 Apr '15 0:59    Post subject: Reply with quote

Rod wrote:
The warnings that refer to webcgi.conf have me baffled, because there is no reference to webcgi in httpd.conf. So what could be causing the warnings? And...does a warning like that imply that webcgi.conf is being ignored, rather than being used to configure the server?


Remember that it doesn't necessarily have to be just in httpd.conf, there are other files that have Alias in them like httpd-autoindex and httpd-manual, two that I can think of off the top of my head. You are also Include(ing) files of your own. It could be due to the order of how you include these files. It's saying the same thing about phpmyadmin as well. Did you used to have these in one file and break into two and forget to remove the include for the original? It may also be in the way the config is merged, there is a whole section at the bottom of http://httpd.apache.org/docs/2.4/sections.html going into to those gory details.

I had this happen to me long long ago. I do not remember the specifics and about all I remember is I had to go through my conf files line by line more than once before it finally jumped out at me.

I do my Aliases inside the VirtualHost for the specific hostname I'm dealing with unless I do actually want them global (so very few).

As for the second part of your question, it's not completely ignoring it, but it sounds as if Alias/AliasMatch/ScriptAlias is going to jump on the first matching one it comes to. Many other directives can be overwritten by a similar later on in the config, evidently not these and they are of the same family. They each serve different purposes but you need to also think of them sort of as one.

Alias /something /path/to/something
ScriptAlias /something /path/to/something-else

The first will be the one used when I go to http://www.somesite.com/something
Back to top
Rod



Joined: 03 Apr 2015
Posts: 8
Location: Toronto, Canada

PostPosted: Mon 06 Apr '15 1:51    Post subject: Reply with quote

In httpd.conf:
Code:
DocumentRoot "H:/WAMPSERVER/www/"

<Directory "H:/WAMPSERVER/www/">
    Options Indexes FollowSymLinks
    AllowOverride None
    Allow from All
    Require all granted
</Directory>

That folder is accessible.
In my HELLO link, 192.168.1.20/index.html
that index.html is stored in /www/.
It displays beautifully. Happy 'r' I.

In webcgi.conf:
Code:
Alias /webcgi/ "H:/WEBCGI/"
<Directory "H:/WEBCGI/">
   Options Indexes FollowSymLinks
   AllowOverride None
   ScriptLog logs/script-error.log
   AddHandler cgi-script .exe
   Allow from All
   Require all granted
</Directory>

My WEBCGI link, 192.168.1.20/webcgi/index.html
where index.html is stored in /webcgi/.
That link gives me N-N-N-Not Found.

So how are they different? Where is access being blocked, or not opened? I'm stumped.

My experience is mostly applications programming (C, PL/1, REXX, SQL, etc), not much web experience. I'm finding Apache disagreeably complex and frustrating, in terms of setting it up. Years ago, I set it up and got it working with Webbatch. Back then, I think it was only about two hours before I had it all figured out and running. In the intervening years, Apache has become a jungle of complexity. I believe in KISS, keep it simple. Otherwise a person starts to feel stupid.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Mon 06 Apr '15 5:03    Post subject: Reply with quote

I don't know. I hate to say this cause I do not want to sound like I'm rubbing it in but it was actually pretty easy. The one thing I did however was give it a VirtualHost and the Alias is in the VirtualHost. This shouldn't matter any though.

link removed

Code:
<VirtualHost *:88>
  ServerName webbatch.linkpc.net
  DocumentRoot "h:/home/webbatch/public_html"
  <Directory "h:/home/webbatch/public_html">
    Options SymLinksIfOwnerMatch
    AllowOverride FileInfo
    Require all granted
  </Directory>
  Alias /webcgi h:/webbatch
  <Directory "h:/webbatch">
    Options ExecCGI
    AllowOverride FileInfo
    AddHandler cgi-script .exe
    Require all granted
  </Directory>

  # Deal with information disclosure vulnerability/(cough) feature
  # CVE-2007-5011
  <If "%{QUERY_STRING} =~ /dumpinputdata/">
    # Restrict access to the local server itself
    Require local
  </If>

  # Do not allow downloading the DLLs
  <Files ~ "\.dll$">
    Require all denied
  </Files>
</VirtualHost>


My only suggestion is you post the complete config at http://apaste.info/ and post the link to it here and let us have a look at it. I or someone may see something.

This WebBatch is quite spendy. To have an almost 8 year old information disclosure vulnerability (CVE-2007-5011) is rather disgusting. The least they could do is force authentication for ?dumpinputdata.

As far as Apache being much more complicated than before, I would not agree. All the things that were there in 1.3.0 are still here in 2.4. The difference is there is just a lot more (use it or not) but the Access and Authentication I admit has changed.


Last edited by glsmith on Mon 06 Apr '15 19:37; edited 1 time in total
Back to top
Rod



Joined: 03 Apr 2015
Posts: 8
Location: Toronto, Canada

PostPosted: Mon 06 Apr '15 7:31    Post subject: Reply with quote

glsmith wrote:
I hate to say this...but it was actually pretty easy.

Yeah, it's easy when you know what you're doing. You obviously do. LOL

I have managed to get Webbatch working! Smile

I resolved the Forbidden and Not Found problems I was having by moving everything within the main folder, defined in httpd.conf, that had access. I may rearrange things later, now that I have basic grip on it. But at least now I can start working on the website instead of spinning my wheels.

And thanks to your very helpful suggestion (AddHandler), Webbatch runs now. I'm delighted. Smile

I will look into the security issues you've referred to. Thank you for pointing me to them.

You're right, Webbatch is a bit pricy. But it will let me use their scripting language, Winbatch, which I'm extremely familiar with. I've used it for many years. I appreciate its clean and simple syntax, more than I do Javascript or PHP or any of the other popular scripting languages.

One really nice feature of Winbatch is it's an extremely extendable language. I can create my own compiled functions (in DLLs) and access them as part of the script. I've written hundreds of my own functions. In that way, it provides both the convenience and ease of scripting and the brute speed of C.

Years ago, I had probably the fastest music data site on the web. Enter the name of a song, it would shoot back up to 2,000 names of
albums that song appeared on, and it did so in generally less than 0.8 sec. That used Webbatch and Winbatch. Click on any album, you could see all the song titles on it. Or you could see all the albums done by a particular artist. I had a few million albums in the database. That was all it did. Just info. But I granted public access because it was very useful to me, for identifying MP3s. Many posters give only the track number and song title, but not the artist or album.

Then that drive failed. That ended that web offering. That was before I learned to back things up. Smile

Thank you very much for your assistance! Much appreciated. Cheers. Smile

Rod
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Mon 06 Apr '15 18:46    Post subject: Reply with quote

Great, glad you got it sorted out!
Back to top


Reply to topic   Topic: Server sending webbatch.exe instead of running it View previous topic :: View next topic
Post new topic   Forum Index -> Other Software