[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Creating cgi-bin?
- Subject: Re: [cobalt-users] Creating cgi-bin?
- From: Hostmaster <hostmaster@xxxxxxxxxx>
- Date: Sat Jun 3 00:53:10 2000
on 5/25/00 2:41 PM, jdarden@xxxxxxxxxxx at jdarden@xxxxxxxxxxx wrote:
>
>
> ****** Original Message ******
> FROM: cobalt-users@xxxxxxxxxxxxxxx
> SENT: Thu 05/25/2000 3:45 PM
> TO: cobalt-users@xxxxxxxxxxxxxxx
> SUBJECT: RE: [cobalt-users] Creating cgi-bin?
>
> Hi,
>
> Just FTP into your server, and create a cgi-bin directory. The RaQ server
> allows you to run cgi scripts anywhere on your server, so that is why you
> don't have a cgi-bin directory.
> The bad thing is security. Anyone can access your cgi-bin, and can see what
> your have there.
> The only thing I know to do is to create a blank index.html file and put it in
> your cgi-bin directory.
> If there is a way to make this directory un-accessable, I would like to know.
There are lots of ways.
1. Use the blank index.html you suggested
2. Use an .htaccess file with indexignore *
# See: http://www.apache.org/docs/mod/mod_autoindex.html#indexignore
3. You could use a .htaccess file with the following in it:
Options -Indexes
# See: http://www.apache.org/docs/mod/core.html#options
4. And something I've been planning on figuring out (when I get a minute)
and would be absolutely the best would be to use a combination of
directorymatch and -Indexes sort of like the following in your config file.
This would protect every cgi-bin directory on the system.
<DirectoryMatch "^/home/sites/.*/web/cgi-bin/">
Options -Indexes
</Directory>
# See: http://www.apache.org/docs/mod/core.html#directorymatch
My regex is a little rusty so someone will need to polish that one up a bit.
Any takers?
Scott
--
Scott Crumpton, Publisher Moriah Mountain Publishing
mailto:scott@xxxxxxxxxx http://www.moriah.com/
"With God, All Things Are Possible. Without God, Nothing Is Possible."