I'm migrating a site to a Hostgator shared hosting site under Linux CentOS. Security is a paramount concern.
The old website was on an Apache server that had Perl scripts in cgi-bin. The cgi-bin resided above the document root. This was excellent from a security perspective, as the cgi-bin directory is not publicly visible.
On the new server, cgi-bin lives under the document root, as in www/cgi-bin. It could
be publicly visible.
I put index.html and hello_world.pl files in www/cgi-bin and changed permissions to 755. In both cases, I got an error message: Internal Server Error. This is likely Apache-generated. So perhaps the directory is already completely secure.
Support says that I could move cgi-bin above the document root, but .htaccess changes would be required and they really don't know what those changes would be. They also said that I could not
move cgi-bin. Guess the answer depends on the weather.
They also said that scripts in cgi-bin are protected by Apache and can only be accessed by the owner.
Is it reasonable to assume that the current www/cgi-bin directory is secure at this point?
Is it reasonable to move it myself to above the document root? Where might I find .htaccess rules to do so?
This thread is related to my question:
Thanks very much.