Solved

Denying access to cgi-bin dir through Apache

Posted on 2000-05-06
5
165 Views
Last Modified: 2013-11-18
Hey all.

Say I have a directory called cgi, which houses scripts called by .shtml pages.  Of course, those scripts are run by the Apache server itself.

For security reasons, I do not want any user to be able to go to www.mywebsite.com/cgi and see all my scripts.

If I password protect the directory, then the server cannot execute any of my SSId CGI files in that directory.

How can I prevent users from going to that directory, while at the same time getting my server to execute those server-side-includes?  

I'd like a better answer than "just put an index.html file in that directory," as I'm sure that isn't the most secure thing to do.
0
Comment
Question by:htrosxlmn
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2785723
As far as the web server is concerned, just don't include an "indexes" directive for the cgi-bin directory.
0
 

Author Comment

by:htrosxlmn
ID: 2785839
How do I do that?  I am not the admin, but the admin will do whatever I ask him to.  

Walk me through it and you got the points. ;)
0
 
LVL 40

Accepted Solution

by:
jlevie earned 150 total points
ID: 2786232
I'll try to, but whether I can or not depends on what web server is in use. If it is Apache, or another that uses a similar type of config file you'd want to change the definition of the cgi-bin directory from:

<Directory "/opt/Apache/cgi-bin">
   AllowOverride None
   Options Indexes ExecCGI
   Order allow,deny
   Allow from all
</Directory>
 
to:

<Directory "/opt/Apache/cgi-bin">
   AllowOverride None
   Options ExecCGI
   Order allow,deny
   Allow from all
</Directory>
0
 

Author Comment

by:htrosxlmn
ID: 2789428
Someone outside of this site suggested I put an .htaccess file in that directory that said

Options -Indexes

That's it!  That did the trick.  I'm giving you the points anyway, but I wanted you to know how I did it.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2789968
Yeah, that would work also. Generally you'd like to be able to do it at the server level as those files are typically owned by root and ordinary users can't get in & change the settings.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Using Grep to Find a file 8 84
auto mounter on solaris 1 52
I starting with php 12 112
Correct syntax to upload file in a script using sftp 2 73
Most of the sites are being standardized with W3C Web Standards. W3C provides lot of web standard services to the web. They have the web specification, process and documentation for all the web standards. You can apply HTML, CSS and Accessibility st…
SASS allows you to treat your CSS code in a more OOP way. Let's have a look on how you can structure your code in order for it to be easily maintained and reused.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now