Referencing images in a cgi-bin, help!

Referencing images in a cgi-bin, help!

Post by Kerry J. Co » Wed, 04 Nov 1998 04:00:00


Howdy.
I'm using Apache 1.3.3 the rpm version on my Linux 5.1 box.  I normally
use the source version and compile it myself on my Solaris boxen, but my
Linux box is for testing purposes.  I am setting up a program that
resides in /home/httpd/cgi-bin/  However, I am finding that there are
errors when it tries to reference images found within the cgi-bin
directory structure.
Could someone please tell me what I need to change in order to reference
those images?  Are there some easy settings somewhere in my http.conf or
access.conf that I can change?
Thanks.
KJ

--

.-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-.
| Kerry J. Cox                          Vyzynz International Inc. |

| Systems Administrator                 http://vii.com/           |
`-----------------------------------------------------------------'

 
 
 

Referencing images in a cgi-bin, help!

Post by Sevo Still » Fri, 06 Nov 1998 04:00:00



> Howdy.
> I'm using Apache 1.3.3 the rpm version on my Linux 5.1 box.  I normally
> use the source version and compile it myself on my Solaris boxen, but my
> Linux box is for testing purposes.  I am setting up a program that
> resides in /home/httpd/cgi-bin/  However, I am finding that there are
> errors when it tries to reference images found within the cgi-bin
> directory structure.
> Could someone please tell me what I need to change in order to reference
> those images?  Are there some easy settings somewhere in my http.conf or
> access.conf that I can change?

As has been mentioned in another recent thread, any file inside a
ScriptAliased directory is considered executable, and the server will
attempt to execute it whenever it is requested - and will eventually
deliver a failure if that is impossible due to the file format or wrong
file mode.

If you intend to execute CGI programs within a directory containing
other referenced content, you have to set up that directory as a normal
directory within your server tree (use Alias instead of ScriptAlias or
remove the ScriptAliasing and place the directory under your document
root), set up that directory to allow CGI execution ("Options +ExecCGI")
and set a Handler ("AddHandler cgi-script .cgi" - optionally, if the CGI
scripts do not have a distinctive extension, within a <Files> block) for
the scripts. Note that this may weaken your site security if you have a
less restrictive publishing policy for common directories - any
directory which allows for local CGI execution should be treated the
same as a ScriptAliased directory security-wise!

Sevo

--
Sevo Stille


 
 
 

1. /cgi-bin/phf /cgi-bin/test-cgi /cgi-bin/handler

I've been seeing a number of attacks of this sort recently
from various sites in the http logs.  The time correlation
between the logs on various hosts suggests that the attacker
was scanning sequentially upward in IP addresses.  Since all
tcp and udp packets to ports below 1024 except for http,
smtp, and ident are filtered out for most, including the
attacking, sites, I'm not seeing anything else in the logs.

209.61.73.47 - - [04/Jul/1998:07:19:27 -0500] "GET /cgi-bin/phf" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/test-cgi" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/handler" 404 -

Is this a signature of some known attackware?  If so, what
other attacks accompany these http probes?

--

2. APM HELP

3. cgi-bin/view-source?cgi-bin/view-source

4. HELP: LILO with Win95 and Linux

5. CGI-BIN/Images

6. RedHat 6.2: MATSHITA LS-120 Ver5 Not Working

7. Serving Images From cgi-bin

8. TOMCAT Jsp HTTP header

9. image files and cgi-bin directory

10. cgi-bin (C bin) hangs under Linux

11. cgi-bin setup help

12. cgi-bin and cgi file security

13. help my CGI-Bin disappeared!