Hello,<br><br>I am in need of assistance. I am not certain that this is the correct forum to address this issue. If not, please direct me to the appropriate forum. (I just joined today).<br><br>My question relates to the security of ones cgi-bin and the folders held within. <br><br>I discovered by accident that my cgi-bin is not secure, and the door has been left wide open for the world to see.<br><br>Each folder within the cgi-bin has been chmod'd and additionally all the files within each folder have permissions set correctly. <br><br>I found that if I type in the path to my cgi-bin, I was returned the full directory struction within cgi-bin. <br><br>I would appreciate any quidance one might give me. I have been in contact with the author of the script and also other forums. Thus far the only solution I have seen is to use an .htaccess file. Is this the only alternative one has? <br><br>Best Regards,<br><br>Kim
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Question on CGI-bin and securing folder within....
- Thread starter smenet
- Start date
- Thread starter
- #2
Kim,<br><br>welcome to Tek-Tips 
)<br><br>whenever you're able to find out your answer through means other than a tek-tips response, please post your answer to the forum... there might be somebody else out there with the same question as you, and this might help them. ) <p>Liam Morley<br><a href=mailto:lmorley@wpi.edu>lmorley@wpi.edu</a><br><a href=] :: imotic :: website :: [</a><br>"light the deep, and bring silence to the world.<br>
light the world, and bring depth to the silence.
)<br><br>whenever you're able to find out your answer through means other than a tek-tips response, please post your answer to the forum... there might be somebody else out there with the same question as you, and this might help them. ) <p>Liam Morley<br><a href=mailto:lmorley@wpi.edu>lmorley@wpi.edu</a><br><a href=] :: imotic :: website :: [</a><br>"light the deep, and bring silence to the world.<br>light the world, and bring depth to the silence.
- Thread starter
- #4
Hello,<br><br>Please accept my apologies for not posting the answer here at Tek-Tips. And, Liam, thank you for pointing out correct protocol for me to follow. <br><br>To review my original question, I had asked as to how one would secure their cgi-bin.<br><br>In the past, each server I have worked on, has the cgi-bin security built in. Quite by accident I discovered that the project I am working on resides on a server that does not provide the this security. Rather, the cgi-bin is treated as any other folder within the directory structure. I found that when accessing the cgi-bin directly, I was presented with the directory structure of the folder, with links to each folder/file within. <br><br>What this means, is that the door was wide open for the world. Not good. I found that I could rectify this securtiy breach in one of two ways:<br><br>1. Place an .html file within the cgi-bin (it can also be placed in all other directories as well). When someone attempts to view - <A HREF=" TARGET="_new"> they will see a warning by way of the .html file.<br><br>2. Create an .htaccess file with this line included:<br><br>Options -Indexes<br>ErrorDocument 403 /alert/alert.html<br><br>This will allow you to use your customized message and it will render for all directories that a user would directly access or back button to. Likewise, if you don't care to use a customized page, just enter: <br><br>Options -Indexes<br>ErrorDocument 403<br><br>Best Regards,<br><br>Kim<br><br>
<br><br>To review my original question, I had asked as to how one would secure their cgi-bin.<br><br>In the past, each server I have worked on, has the cgi-bin security built in. Quite by accident I discovered that the project I am working on resides on a server that does not provide the this security. Rather, the cgi-bin is treated as any other folder within the directory structure. I found that when accessing the cgi-bin directly, I was presented with the directory structure of the folder, with links to each folder/file within. <br><br>What this means, is that the door was wide open for the world. Not good. I found that I could rectify this securtiy breach in one of two ways:<br><br>1. Place an .html file within the cgi-bin (it can also be placed in all other directories as well). When someone attempts to view - <A HREF=" TARGET="_new"> they will see a warning by way of the .html file.<br><br>2. Create an .htaccess file with this line included:<br><br>Options -Indexes<br>ErrorDocument 403 /alert/alert.html<br><br>This will allow you to use your customized message and it will render for all directories that a user would directly access or back button to. Likewise, if you don't care to use a customized page, just enter: <br><br>Options -Indexes<br>ErrorDocument 403<br><br>Best Regards,<br><br>Kim<br><br>- Status