You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Ron Savage <ro...@savage.net.au> on 2001/06/28 06:23:51 UTC
Q: How to I secure /cgi-bin?
Test env:
Apache/1.3.20 (Win32) mod_perl/1.25_01-dev mod_ssl/2.8.4 OpenSSL/0.9.6a
I just tried this to stop myself running any scripts from /cgi-bin, but it does not stop me. Yeah, yeah, I restart the server after
every patch to httpd.conf.
<Directory /cgi-bin>
Options Indexes FollowSymLinks MultiViews
Order allow,deny
Deny from all
Allow from 127.0.0.1
</Directory>
My aim of course is to use
Order deny,allow
to stop all others!
I tried
<Directory "/cgi-bin">
and
Allow from 128.0.0.1
just to see what would happen, but that did not stop me either.
Cheers
Ron Savage
ron@savage.net.au
http://savage.net.au/index.html
Re: How to I secure /cgi-bin?
Posted by Tim Tompkins <ti...@arttoday.com>.
Use Location for paths respective to the server root.
<Location /cgi-bin>
...
</Location>
----- Original Message -----
From: "Ron Savage" <ro...@savage.net.au>
To: "mod_perl" <mo...@apache.org>
Sent: Wednesday, June 27, 2001 9:23 PM
Subject: Q: How to I secure /cgi-bin?
> Test env:
> Apache/1.3.20 (Win32) mod_perl/1.25_01-dev mod_ssl/2.8.4 OpenSSL/0.9.6a
>
> I just tried this to stop myself running any scripts from /cgi-bin, but it
does not stop me. Yeah, yeah, I restart the server after
> every patch to httpd.conf.
>
> <Directory /cgi-bin>
> Options Indexes FollowSymLinks MultiViews
> Order allow,deny
> Deny from all
> Allow from 127.0.0.1
> </Directory>
>
> My aim of course is to use
> Order deny,allow
> to stop all others!
>
> I tried
> <Directory "/cgi-bin">
> and
> Allow from 128.0.0.1
> just to see what would happen, but that did not stop me either.
>
> Cheers
> Ron Savage
> ron@savage.net.au
> http://savage.net.au/index.html
>
>