Gossamer Forum

Links and CGI-BIN Protection

Greetings!

I realise this may be somewhat off topic, but I've tried 'everywhere' including my webhost to get an answer.

My webhost has one 'cgi-bin' location where everyone can access scripts (formail etc). I've had to create a 'cgi-local' bin, but can find no way to protect it - or the directories below including LinksSQL.

How can I protect my cgi-bin and below directories? I imagine I can use a .htaccess file, but cannot find 'anywhere' the commands to achieve what I am after.

Thanks in advance.

Clint.

------------------
Clint
----------------------------------
http://www.AffiliatesDirectory.com
Proud Supporter of Links 2
----------------------------------



Re: Links and CGI-BIN Protection
First, here's some htaccess info:

http://faq.web2010.com/htaccess.htm

I just noticed a buildpw.cgi script in my Links SQL admin directory that I don't recall seeing before... It would appear this is included when Alex installs the program as an automated way to protect the necessary directories.

Second, my first impression from such a server arrangement is that it will not be optimal for handling Links SQL.

Dan
Re: Links and CGI-BIN Protection
Thanks Dan, however that tutorial covers password protection fairly well, but not the protection I am after. I am looking to simply stop people from 'browsing' that directory.

Regards,



------------------
Clint
----------------------------------
www.AffiliatesDirectory.com
Proud Supporter of Links SQL
----------------------------------




Re: Links and CGI-BIN Protection
In that case, try putting an index.html in each of the cgi-bin directories. It will be a blank default file pointing nowhere, so they will be unable to browse. Still, that's very weak security...

Dan
Re: Links and CGI-BIN Protection
Or the better solution is to put the following code in your ROOT .htaccess file:

Code:
DirectoryIndex index.cgi index.shtml index.html index.htm /forbidden.html

Then create an html file called forbidden.html, which should contain the HTTP Error 403: Forbidden message.

Regards,


------------------
Eliot Lee....
Former Handle: Eliot
* Check Resource Center
* Search Forums
Re: Links and CGI-BIN Protection
That works for web-based access.

There is one other problem that can occur on Unix systems.

People with FTP/telnet access to the system can browse into those directories. The only way around that is to make the webserver a member of a group that no one else is a member of, except you. Since it's the webserver making the calls to anything in the "admin" directory it can access and serve those files. But, no one can browse into them.

Can be a pain in the butt for server maintenance, but it does protect the sensitive documents from being read by others on your server.

An in-depth explanation is beyond me. But, you can find out about it in any book on system admin and security. It's the same principle for protecting sensitive system files while still allowing access.
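
The group-permission arrangement described in the post above, as an added example that is not part of the original thread: shell functions that list everything in a CGI tree that other local users on the host can read or enter, then remove that access. The cgi-local/admin layout, the file names and the optional group argument are assumptions.

```shell
#!/bin/sh
# Added example: audit and lock down a CGI tree so that only the owner and
# one dedicated group (the one the web server user belongs to) can enter it.
# The tree layout and group argument are assumptions, not from the thread.

# List every path under $1 that grants any permission to "other" users,
# i.e. anything a fellow FTP/telnet user on the shared host could read,
# write, or traverse.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Remove all "other" access and group write below $1. If $2 is given,
# also hand the tree to that group (the one shared with the web server).
# Files 644 become 640; scripts and directories 755 become 750.
lock_down_tree() {
    dir=$1
    group=${2:-}
    if [ -n "$group" ]; then
        chgrp -R "$group" "$dir" || return 1
    fi
    chmod -R g-w,o-rwx "$dir"
}

# Build a small constructed tree with typical shared-host permissions and
# print its path. All names and contents are placeholders.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/cgi-local/admin"
    printf '#!/bin/sh\necho ok\n' > "$root/cgi-local/admin/admin.cgi"
    printf 'db_pass=constructed\n' > "$root/cgi-local/admin/config.txt"
    chmod 755 "$root/cgi-local" "$root/cgi-local/admin" \
        "$root/cgi-local/admin/admin.cgi"
    chmod 644 "$root/cgi-local/admin/config.txt"
    printf '%s\n' "$root/cgi-local"
}

# Demo: run with --demo to see the audit before and after the lock-down.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_demo_tree)
    echo "before:"; world_accessible "$tree"
    lock_down_tree "$tree"
    echo "after:"; world_accessible "$tree"
    rm -rf "${tree%/cgi-local}"
fi
```

The web server can only keep serving the tree after this if its user is in the group passed as the second argument, which on a shared host normally has to be arranged by the host's administrator.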

Re: Links and CGI-BIN Protection
Pugdog:

My webhost has created an alias and placed it into my 'root' directory.

That seems to have worked fine.

Thanks,

Regards

------------------
Clint
----------------------------------
www.AffiliatesDirectory.com
Proud Supporter of Links SQL
----------------------------------