apache vhost with cgi-bin

apache vhost with cgi-bin

Post by jmill.. » Fri, 06 Aug 1999 04:00:00



Hi,

I'm wondering if I can have a vhosted site that has two cgi-bin's... one
that is public, one for that user's private scripts.

I need to have the private one for a webshell type app I came upon and
love... but I also want to provide a public cgi-bin with a group of
standard scripts (formmail, guestbook, counter...).

I have to use the user and group directives for my vhosts because of the
webshell script:
<VirtualHost IP.add.re.ss>
User web1
Group vhost
ServerName sub.my.domain.com
DocumentRoot /home/httpd/web1/public_html
AccessFileName .htaccess
ScriptAlias /private-cgi/ /home/httpd/privatecgis/web1/
#what I'm thinking should work:
#ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
</VirtualHost>

I also have a directory defined as:
<Directory /home/httpd/cgi-bin/>
Options ExecCGI
</Directory>

I'm guessing either I just can't do this... or I'm missing some Options
or override or directive or something (I know I don't even know half of
them). The reasons I want to do this... security (currently, users don't
have access to their private cgi-bin via ftp chroot and no telnet
access), ease of administration (central-izes all the cgi's), disk
space.

Currently, I think what the problem is, due to the User and Group
directives, public cgi's are being executed as the User instead of as
the server, so it doesn't do anything.

I am able to get to public scritps with the ScriptAlias set, but they
give me an error. They work if I take out the User and Group Directives
though.

So.... what do I have to do to get it to work?

--
Josh I.
ps- please no e-mails... I don't read my deja-news e-mails.... and I
don't a real news client on this machine so I'm stuck with deja (which
isn't too bad).

Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

 
 
 

1. /cgi-bin/phf /cgi-bin/test-cgi /cgi-bin/handler

I've been seeing a number of attacks of this sort recently
from various sites in the http logs.  The time correlation
between the logs on various hosts suggests that the attacker
was scanning sequentially upward in IP addresses.  Since all
tcp and udp packets to ports below 1024 except for http,
smtp, and ident are filtered out for most, including the
attacking, sites, I'm not seeing anything else in the logs.

209.61.73.47 - - [04/Jul/1998:07:19:27 -0500] "GET /cgi-bin/phf" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/test-cgi" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/handler" 404 -

Is this a signature of some known attackware?  If so, what
other attacks accompany these http probes?

--

2. DNATing without connection tracking - is it possible?

3. Apache VHost CGI-BIN Directory

4. Abit PX5 430TX PCI-error msgs.

5. cgi-bin/view-source?cgi-bin/view-source

6. HACMP with EMC disk

7. vhost cgi-bin not working !

8. Record all commands users typed when login?

9. vhost/VirtualScriptAlias: change /cgi-bin/ url base, suggestions

10. apache: give /home/mailman/cgi-bin permissions to run cgi-scripts.

11. Cannot execute CGI programs in /cgi-bin with Apache

12. apache: cgi script not in cgi-bin

13. cgi-bin (C bin) hangs under Linux