• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 175
  • Last Modified:

Denying access to cgi-bin dir through Apache

Hey all.

Say I have a directory called cgi, which houses scripts called by .shtml pages.  Of course, those scripts are run by the Apache server itself.

For security reasons, I do not want any user to be able to go to www.mywebsite.com/cgi and see all my scripts.

If I password protect the directory, then the server cannot execute any of my SSId CGI files in that directory.

How can I prevent users from going to that directory, while at the same time getting my server to execute those server-side-includes?  

I'd like a better answer than "just put an index.html file in that directory," as I'm sure that isn't the most secure thing to do.
0
htrosxlmn
Asked:
htrosxlmn
  • 3
  • 2
1 Solution
 
jlevieCommented:
As far as the web server is concerned, just don't include an "indexes" directive for the cgi-bin directory.
0
 
htrosxlmnAuthor Commented:
How do I do that?  I am not the admin, but the admin will do whatever I ask him to.  

Walk me through it and you got the points. ;)
0
 
jlevieCommented:
I'll try to, but whether I can or not depends on what web server is in use. If it is Apache, or another that uses a similar type of config file you'd want to change the definition of the cgi-bin directory from:

<Directory "/opt/Apache/cgi-bin">
   AllowOverride None
   Options Indexes ExecCGI
   Order allow,deny
   Allow from all
</Directory>
 
to:

<Directory "/opt/Apache/cgi-bin">
   AllowOverride None
   Options ExecCGI
   Order allow,deny
   Allow from all
</Directory>
0
 
htrosxlmnAuthor Commented:
Someone outside of this site suggested I put an .htaccess file in that directory that said

Options -Indexes

That's it!  That did the trick.  I'm giving you the points anyway, but I wanted you to know how I did it.
0
 
jlevieCommented:
Yeah, that would work also. Generally you'd like to be able to do it at the server level as those files are typically owned by root and ordinary users can't get in & change the settings.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now