Execute cgi outside of cgi-bin

Execute cgi outside of cgi-bin

Post by dave.. » Sat, 26 Aug 2000 04:00:00



I know simple question- I had a problem with my setup and had to resore
from an old config- now cgi will not execute outside of the cgi-bin

Ie
/home/cpfc/www/cgi-bin executes
/home/cpfc/www/anydirectory fails (403 error)

Heres what I have so far:

In httpd.conf

NameVirtualHost 64.65.14.178

<VirtualHost 64.65.14.178>
<Directory /usr/local/interface>
        Options +ExecCGI +FollowSymLinks
        AllowOverride All
</Directory>
<Directory /home/cpfc/www/serversecure>
        Options +ExecCGI +FollowSymLinks
        AllowOverride All
</Directory>

<Directory /home/cpfc/www>
        Options +ExecCGI
        AllowOverride All
</Directory>

DocumentRoot /home/cpfc/www
ServerName cpfc.org
ServerAlias  www.cpfc.org
Group nobody
ErrorLog logs/cpfc.org.error_log
CustomLog logs/cpfc.org.access_log wusage
ScriptAlias /cgi-bin/ /home/cpfc/www/cgi-bin/
ScriptAlias /www/ /home/cpfc/www/
ScriptAlias /_vti_bin/_vti_adm/ /home/cpfc/www/_vti_bin/_vti_adm/
ScriptAlias /_vti_bin/_vti_aut/ /home/cpfc/www/_vti_bin/_vti_aut/
ScriptAlias /_vti_bin/ /home/cpfc/www/_vti_bin/
</VirtualHost>

In srm.conf

# ScriptAlias: This controls which directories contain server scripts.
# Format: ScriptAlias fakename realname

ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/

# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.

In access.conf

# /home/httpd/cgi-bin should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.

<Directory /home/httpd/cgi-bin>
AllowOverride All
Options ExecCGI
</Directory>

<Directory /home/cpfc/www>
AllowOverride All
Options ExecCGI
</Directory>

Any help gratefully recieved

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

Execute cgi outside of cgi-bin

Post by David Efflan » Sun, 27 Aug 2000 13:46:16



>I know simple question- I had a problem with my setup and had to resore
>from an old config- now cgi will not execute outside of the cgi-bin

>Ie
>/home/cpfc/www/cgi-bin executes
>/home/cpfc/www/anydirectory fails (403 error)

Do you have the following in one of your conf files to run CGI outside of
a ScriptAlias dir:

# To use CGI scripts:
AddHandler cgi-script .cgi

It can be a space separated list of other file extensions too, but usually
it is best to stick with .cgi suffix for CGI so you can tell the
difference between CGI and scripts to be run from the shell.

--

http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://hammer.prohosting.com/~cgi-wiz/  http://cgi-help.virtualave.net/

 
 
 

1. /cgi-bin/phf /cgi-bin/test-cgi /cgi-bin/handler

I've been seeing a number of attacks of this sort recently
from various sites in the http logs.  The time correlation
between the logs on various hosts suggests that the attacker
was scanning sequentially upward in IP addresses.  Since all
tcp and udp packets to ports below 1024 except for http,
smtp, and ident are filtered out for most, including the
attacking, sites, I'm not seeing anything else in the logs.

209.61.73.47 - - [04/Jul/1998:07:19:27 -0500] "GET /cgi-bin/phf" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/test-cgi" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/handler" 404 -

Is this a signature of some known attackware?  If so, what
other attacks accompany these http probes?

--

2. Fork problem with C news under Slackware

3. Executing .pl files outside of cgi-bin

4. Named server

5. Running cgi scripts outside /cgi-bin directory

6. swapping ctrl and caps with MetroX

7. Cannot execute CGI programs in /cgi-bin with Apache

8. xgrab(sc) binary

9. cgi-bin/view-source?cgi-bin/view-source

10. write permissions outside CGI-BIN dir

11. scohttp80 will not execute scripts in cgi-bin -Reply

12. executing /sbin/ifconfig from a /cgi-bin script

13. Apache: file redirected/aliased to cgi-bin does not execute