The line <Location /perl/*.pl> should read <Location ~ "^/perl/.*\.pl$"> This allows perl scripts in subdirectories to be handled by mod_perl. Reproducible: Always Steps to Reproduce: 1. emerge regular apache & perl 2. create a perl script in /perl/subdir/file.pl 3. attempt to run script (fails) 4. change config line as seen in Details (/perl/*.pl to ~ "^/perl/.*\.pl$") 5. attempt to run script (succeeds) Actual Results: You see the source of the .pl file instead of the scripts output. Expected Results: Show the scripts output.
wont ^/perl/.*\.pl$ match /perl/../some-evil.pl ?
No, ^/perl/.*\.pl$ will not match /perl/../some-evil.pl ! Apache is much to smart for this.... Give it a try. Go to http://domain/perl/../some-evil.pl or even http://domain/perl/../../some-evil.pl Apache will redirect you to http://domain/some-evil.pl
I tried it , this seems ok to me.
It is turned off by default, but added. Thanks