fredo783
asked on
How to secure cgi-bin under document root - or move it above document root?
Hi:
I'm migrating a site to a Hostgator shared hosting site under Linux CentOS. Security is a paramount concern.
The old website was on an Apache server that had Perl scripts in cgi-bin. The cgi-bin resided above the document root. This was excellent from a security perspective, as the cgi-bin directory is not publicly visible.
On the new server, cgi-bin lives under the document root, as in www/cgi-bin. It could be publicly visible.
I put index.html and hello_world.pl files in www/cgi-bin and changed permissions to 755. In both cases, I got an error message: Internal Server Error. This is likely Apache-generated. So perhaps the directory is already completely secure.
Support says that I could move cgi-bin above the document root, but .htaccess changes would be required and they really don't know what those changes would be. They also said that I could not move cgi-bin. Guess the answer depends on the weather.
They also said that scripts in cgi-bin are protected by Apache and can only be accessed by the owner.
Is it reasonable to assume that the current www/cgi-bin directory is secure at this point?
Is it reasonable to move it myself to above the document root? Where might I find .htaccess rules to do so?
This thread is related to my question:
https://www.experts-exchange.com/questions/20845090/Accessing-a-cgi-bin-that-is-ABOVE-the-www-directory-from-form-action.html
Thanks very much.
Fred
ASKER
Thanks, folks. It appears that Apache is configured in this environment to protect files in the default www/cgi-bin directory.
ASKER
There is no default .htaccess on this shared hosting site. I also do not have access to httpd.conf, nor can I modify Apache.