Rewrite and cgi-bin and 403 forbidden


Post by Steve Schal » Fri, 20 Feb 1998 04:00:00



Hi,

Getting very close on this...... Running Solaris 2.5.1 on Ultrasparc I w/320 megs ram

Using the RewriteRule to have the domain www.banking2000.com jump to www.banking2000.com/b2k for the purpose of having all the log files write to the same access_log as the other virtuals and then using our analog program to search for /b2k/* for reporting. Works great.. except for using a cgi-cn directory for cgi scripts. The new RewriteRule removes the /b2k/cgi-ck which returned a Not Found. The url being returned appears correct, however it returns a 403 error,

Forbidden
You don't have permission to access /cgi-cn/survey-hb/trivia_data.pl on this server.

I have set all the directories and files to 777 for testing and the same error appears.

If I enter the main domain instead of the virtual www.banking2000.com, it works fine.

Here is my httpd.conf section for this. Any help appreciated.

*********************************************
Here is the error_log (not sure what this means)

[Thu Feb 19 14:53:14 1998] [error] Options ExecCGI is off in this directory, reason: /netra/usr/local/etc/httpd/cgi-cn/survey-hb/trivia_data.pl
[Thu Feb 19 14:53:53 1998] [crit] (0)Error 0: mmap_handler: mmap failed: /netra/usr/local/etc/httpd/htdocs/index.html
*********************************************
************ HTTPD.CONF ********************

<VirtualHost 204.91.89.96>

DocumentRoot /netra/usr/local/etc/httpd/htdocs/banking2000
ServerName www.banking2000.com
ErrorLog /usr/local/etc/httpd/logs/error_log
TransferLog /usr/local/etc/httpd/logs/access_log
UserDir public_html

# DirectoryIndex: Name of the file or files to use as a pre-written HTML

# directory index.  Separate multiple entries with spaces.

DirectoryIndex index.html

# FancyIndexing is whether you want fancy directory indexing or standard

FancyIndexing on

Options Indexes FollowSymLinks

# AddIcon tells the server which icon to show for different files or
# filename extensions

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
DefaultIcon /icons/unknown.gif

# AddDescription allows you to place a short description after a file in

# server-generated indexes.
# Format: AddDescription "description" filename

# ReadmeName is the name of the README file the server will look for by
# default. Format: ReadmeName name
#
# The server will first look for name.html, include it if found, and it
# will then look for name and include it as plaintext if found.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.

ReadmeName README
HeaderName HEADER

# IndexIgnore is a set of filenames which directory indexing should
# ignore
# Format: IndexIgnore name1 name2...

IndexIgnore */.??* *~ *# */HEADER* */README* */RCS

# AccessFileName: The name of the file to look for in each directory
# for access control information.

AccessFileName .htaccess

# DefaultType is the default MIME type for documents which the server
# cannot find the type of from filename extensions.

DefaultType text/plain

# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+)
# uncompress information on the fly. Note: Not all browsers support this.

# AddEncoding x-compress Z
# AddEncoding x-gzip gz

# AddLanguage allows you to specify the language of a document. You can
# then use content negotiation to give a browser a file in a language
# it can understand.  Note that the suffix does not have to be the same
# as the language keyword --- those with documents in Polish (whose
# net-standard language code is pl) may wish to use "AddLanguage pl .po"

# to avoid the ambiguity with the common suffix for perl scripts.

AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it

# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference.

LanguagePriority en fr de

#AddHandler cgi-script .cgi

# If you wish to use server-parsed imagemap files, use
AddHandler imap-file map

# To enable type maps, you might want to use
AddHandler type-map var

    RewriteEngine on

    #   backward compat for old days...
    RewriteRule ^/cgi-bin/imagemap(.*) $1

    #   some non-root special dirs:
    RewriteRule ^/cgi-cn/(.+) /netra/usr/local/etc/httpd/cgi-cn/$1 [T=application/x-httpd-cgi,L]

    #   make sure our root is under /b2k/
    RewriteRule ^/$       http://www.veryComputer.com/; [R,L]
    RewriteRule ^/b2k$     http://www.veryComputer.com/; [R,L]
    RewriteRule !^/b2k/.*  -                                   [C]
    RewriteRule ^/(.+)$   http://www.veryComputer.com/$1 [R,L]

    #   optionally pass stuff to mod_alias...
    RewriteRule .*        -                           [PT]

Alias /icons/ /netra/usr/local/etc/httpd/icons/
Alias /b2k/   /netra/usr/local/etc/httpd/htdocs/banking2000/

# ScriptAlias: This controls which directories contain server scripts.
# Format: ScriptAlias fakename realname

# ScriptAlias /cgi-bin/ /usr5/blong/httpd/cgi-bin/
ScriptAlias /cgi-bin/ /netra/usr/local/etc/httpd/cgi-bin/
ScriptAlias /cgi-cn/ /netra/usr/local/etc/httpd/cgi-cn/

</VirtualHost>
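
The error_log entry "Options ExecCGI is off in this directory" is what mod_cgi logs when a script is reached without having been mapped by ScriptAlias and the directory lacks ExecCGI, which is the situation a RewriteRule creates when it substitutes a filesystem path and stops with [L]. The Python check below is an added example, not part of the thread and not the poster's fix (which the thread does not record); the function name `find_bypassed_scriptaliases` and the embedded config excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: the rewrite and alias directives from the post above.
SAMPLE_CONF = """\
RewriteEngine on
RewriteRule ^/cgi-bin/imagemap(.*) $1
RewriteRule ^/cgi-cn/(.+) /netra/usr/local/etc/httpd/cgi-cn/$1 [T=application/x-httpd-cgi,L]
RewriteRule .* - [PT]
ScriptAlias /cgi-bin/ /netra/usr/local/etc/httpd/cgi-bin/
ScriptAlias /cgi-cn/ /netra/usr/local/etc/httpd/cgi-cn/
"""

RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$", re.I)
ALIAS = re.compile(r"^\s*ScriptAlias\s+(\S+)\s+(\S+)\s*$", re.I)
# Flags under which the rule result is not used directly as a local filename.
HANDS_OFF = {"PT", "PASSTHROUGH", "R", "REDIRECT", "P", "PROXY"}


def find_bypassed_scriptaliases(conf_text):
    """Return (line_no, url_prefix, script_dir) for every RewriteRule whose
    substitution is a filesystem path inside a ScriptAlias directory, so the
    request reaches the script without ScriptAlias marking it as CGI."""
    lines = conf_text.splitlines()
    aliases = [m.groups() for m in map(ALIAS.match, lines) if m]
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = RULE.match(line)
        if not m:
            continue
        _pattern, subst, flags = m.groups()
        names = {f.split("=")[0].strip().upper() for f in (flags or "").split(",")}
        if names & HANDS_OFF:
            continue
        for url_prefix, script_dir in aliases:
            if subst.startswith(script_dir.rstrip("/") + "/"):
                findings.append((line_no, url_prefix, script_dir))
    return findings


if __name__ == "__main__":
    for line_no, url_prefix, script_dir in find_bypassed_scriptaliases(SAMPLE_CONF):
        print(f"line {line_no}: rule maps into {script_dir} directly; "
              f"ScriptAlias {url_prefix} is skipped, so Options ExecCGI is required")
```

A finding means mod_cgi will insist on Options ExecCGI for that directory, which file modes such as 777 cannot satisfy.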

 
 
 

Rewrite and cgi-bin and 403 forbidden

Post by Steve Schal » Fri, 20 Feb 1998 04:00:00


RESOLVED! Thanks




 
 
 

Rewrite and cgi-bin and 403 forbidden

Post by Elly » Fri, 20 Feb 1998 04:00:00



> RESOLVED! Thanks

HOW??? I'm not sure my problem is anything like yours, but I haven't
gotten any technical responses to my original request for help, so I'll
try again ...

I'm running Apache 1.2? under Red Hat 5.0 (the version that comes in
that distribution).

The error log tells me that access to /home/httpd/cgi-bin/myform.cgi
failed because the script wasn't found.

Well, all my conf files point to the following structure
(which admittedly is not the default as provided on the
distribution):

                    www
                     |
         -------------------------------
         |        |      |             |
      cgi-bin   conf   htdocs  ...   logs

access.conf specifies the Directory /usr/usr2/www/cgi-bin

srm.conf specifies a ScriptAlias /cgi-bin/ /usr/usr2/www/cgi-bin
                     AddType application/x-httpd-cgi cgi

Nobody anywhere references anything in /home. I had this problem
with the content, too, and have no clue what I did to finally get
the server to see my content rather than the attractive but disappointing
non-informative Apache home page.

The myform.html calls
<FORM METHOD="POST" ACTION="/cgi-bin/myform.cgi">

I'm not very experienced at CGI nor web admin and there's no
one else to ask. PLEASE help me ...

Thank you most gratefully,
!Ellyn

(remove the obvious bits for my real email)

 
 
 

1. /cgi-bin/phf /cgi-bin/test-cgi /cgi-bin/handler

I've been seeing a number of attacks of this sort recently
from various sites in the http logs.  The time correlation
between the logs on various hosts suggests that the attacker
was scanning sequentially upward in IP addresses.  Since all
tcp and udp packets to ports below 1024 except for http,
smtp, and ident are filtered out for most, including the
attacking, sites, I'm not seeing anything else in the logs.

209.61.73.47 - - [04/Jul/1998:07:19:27 -0500] "GET /cgi-bin/phf" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/test-cgi" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/handler" 404 -

Is this a signature of some known attackware?  If so, what
other attacks accompany these http probes?

--
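
The pattern in the log lines above, one client requesting several non-existent /cgi-bin/ scripts within seconds, can be flagged directly from the access log. This is an added Python example, not part of the original post; the function name `find_cgi_probers`, its thresholds, and the fourth (benign) log line are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The three access_log lines quoted in the post, plus one constructed benign line.
SAMPLE_LOG = """\
209.61.73.47 - - [04/Jul/1998:07:19:27 -0500] "GET /cgi-bin/phf" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/test-cgi" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/handler" 404 -
192.0.2.10 - - [04/Jul/1998:07:20:02 -0500] "GET /index.html HTTP/1.0" 200 1024
"""

# Common Log Format; the protocol token is optional (HTTP/0.9-style requests).
CLF = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ([^"\s]+)(?: [^"]*)?" (\d{3}) (\S+)$'
)


def find_cgi_probers(log_text, min_paths=3, window=timedelta(seconds=60)):
    """Return {client: sorted distinct paths} for clients that requested at
    least min_paths different missing /cgi-bin/ scripts within window."""
    misses = defaultdict(list)  # client -> [(timestamp, path)]
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue
        client, when, _method, path, status, _size = m.groups()
        if status == "404" and path.startswith("/cgi-bin/"):
            ts = datetime.strptime(when, "%d/%b/%Y:%H:%M:%S %z")
            misses[client].append((ts, path.split("?", 1)[0]))
    flagged = {}
    for client, events in misses.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            paths = {p for t, p in events[i:] if t - start <= window}
            if len(paths) >= min_paths:
                flagged[client] = sorted(paths)
                break
    return flagged


if __name__ == "__main__":
    for client, paths in find_cgi_probers(SAMPLE_LOG).items():
        print(client, "probed", ", ".join(paths))
```

Running the same function over the logs of several hosts and comparing first-seen timestamps per client gives the cross-host time correlation the post describes.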
