Dear mod_ruby developers,
My company (a shared hosting provider) is about to migrate from Apache
1.3 to 2.x. We have written a couple of C modules to do custom CGI/PHP
wrapping and dynamic mass virtual hosting and I would like to write the
updated Apache2 modules in Ruby (or Perl, as a second choice) instead of C.
The problem is, for security reasons, we do not want to allow access to
mod_ruby from .htaccess, as the webserver is shared and normal hosting
users are allowed to use .htaccess.
I remember a while back suggesting something like "PerlMode normal" /
"PerlMode adminonly" directive to the mod_perl mailing list, where in
the "PerlMode adminonly" mode we deny all Perl* directives in .htaccess.
Unfortunately, I didn't get any reply. But I'm sure there are many
server admins like myself who would like the ability to write Apache
modules in Ruby/Perl but without having to give access to Ruby/Perl
interpreter to normal users.
The patch to do the above is simple, but I ended up doing the simpler
thing (modifying the directives definition in mod_perl.c from OR_ALL to
RSRC_CONF).
Now what about mod_ruby? Is there any interest to do like the above? I
believe this will increase the usefulness of mod_ruby, especially for
people in my situation (shared hosting). I hope the mod_ruby developers
would at least consider something like this or perhaps something more
general like restricting each phase from .htaccess.
Regards,
Dave