selectively restricting cgi access

Post by E Mills, software scientis » Sat, 11 Jul 1998 04:00:00



In cgi-bin, I have some execs that I want to protect with .htaccess, and
others that I want public. What's the best way to do this? With a
separate cgi directory, or by futzing around with .htaccess? Or another
way?

E

 
 
 

Post by Ron Klatchk » Tue, 14 Jul 1998 04:00:00



> In cgi-bin, I have some execs that I want to protect with .htaccess, and
> others that I want public. What's the best way to do this? With a
> separate cgi directory, or by futzing around with .htaccess? Or another
> way?

If you want security, you'll need to use the require and/or allow
directives either in an .htaccess or in the conf files.  Simply putting
the CGIs in a separate directory without doing anything else (security
via obfuscation) is considered extremely weak.

Read up on the <FILE></FILE> directives
(http://www.apache.org/docs/mod/core.html#files) to learn how to apply
other directives on a per-file basis.

moo
----------------------------------------------------------------------
              Ron Klatchko - Senior Software Engineer
         UCSF Library and Center for Knowledge Management


 
 
 

Post by root.noharvest. » Wed, 15 Jul 1998 04:00:00




>> In cgi-bin, I have some execs that I want to protect with .htaccess, and
>> others that I want public. What's the best way to do this? With a
>> separate cgi directory, or by futzing around with .htaccess? Or another
>> way?

>If you want security, you'll need to use the require and/or allow
>directives either in an .htaccess or in the conf files.  Simply putting
>the CGIs in a separate directory without doing anything else (security
>via obfuscation) is considered extremely weak.

>Read up on the <FILE></FILE> directives
>(http://www.apache.org/docs/mod/core.html#files) to learn how to apply
>other directives on a per-file basis.

Per FILE access control is one way to go about it, but if you are
trying to protect executables, why not just put the protection in each
respective script?  I mean, it's really easy to put something like
this at the top of a Perl script:

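# Allow only clients in 204.152.10.x. The pattern is anchored at the start
# and ends with a dot, so addresses such as 204.152.100.7 or 1.204.152.10
# are not let through by a substring match.
if ($ENV{REMOTE_ADDR} !~ /^204\.152\.10\./)
        {
        print "Content-type: text/html\n\n";
        print "You are not authorized to access this program";
        exit;
        }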

<... rest of script follows...>

Of course, this doesn't give you the nice password login pop-up, but
if you really want that, just make a directory for all your "password
protected" scripts, and put them all in there.  

cgi-bin/ - all your "public scripts"
cgi-bin/secure/ - all your protected scripts

Easy enough.
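
Added example, not part of the thread: the two approaches discussed above (per-file rules and a separate protected directory) written as Apache 2.4 server configuration. The filesystem paths, script names, realm and password-file location are assumptions; the 204.152.10 network is the one used in the Perl snippet.

```apache
# Apache 2.4 syntax. Paths, script names and the realm are hypothetical.
# Basic auth sends the password on every request, so serve this over TLS,
# and keep the password file outside any directory the server publishes.

# cgi-bin/ : public by default.
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Require all granted

    # Per-file rule: only these two scripts need a login.
    # <Files>/<FilesMatch> sections are merged after <Directory> sections,
    # so this Require replaces "Require all granted" for the matching files.
    <FilesMatch "^(admin|report)\.cgi$">
        AuthType Basic
        AuthName "Restricted CGI"
        AuthUserFile "/etc/apache2/cgi.htpasswd"
        Require valid-user
    </FilesMatch>
</Directory>

# cgi-bin/secure/ : every script needs a valid login AND a client address
# inside 204.152.10.0/24. The server enforces this before any script runs,
# so a script that forgets its own check is still covered.
<Directory "/var/www/cgi-bin/secure">
    AuthType Basic
    AuthName "Restricted CGI"
    AuthUserFile "/etc/apache2/cgi.htpasswd"
    <RequireAll>
        Require valid-user
        Require ip 204.152.10.0/24
    </RequireAll>
</Directory>
```

The same auth directives can be placed in an .htaccess file inside the directory instead, provided the server configuration sets AllowOverride AuthConfig for it.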