Looking at your httpd.conf file, there are a couple of things that stick
out:
1) You have /root set as your DocumentRoot (this is the main directory
your files will come up from). This is not a good idea. The root user's
home directory should be secure. Looking later in your file, you have
DocumentRoot again defined. There should only be one in the file.
2) You have the rest configured as if your DocumentRoot should be
/home/httpd/html, which is where you have the cgi-bin directory configured
within http://host.domain.com/cgi-bin/somecgi.cgi...
3) Unless you have changed your /root directory to be readable by the
entire world (again, not a good idea), it's likely to have it's
permissions already set to:
drwx------ 2 root root 1024 Dec 1 1998 root/
Which means you would indeed get a 403 error (the OS is not allowing
Apache to go into the document root you configured it for).
4) Your file looks okay otherwise, however considering you have 2
declarations of DocumentRoot and 2-3 of the same declarations of the same
items for other keywords throughout the file, you are likely to have
problems.
If httpd.conf is okay otherwise, you need to check permissions of the
cgi-executable:
You must make a decision on who owns the cgi executable. If file
ownership is not owned by the webserver process or it's group, then you
must set the "others" permission to be able to execute it.
After you have the conf file set correctly, you must do one of the
following (# denotes some number not important to this example):
1) If owned by the webserver process (example it's httpd):
-rwxr-xr-- # httpd users (size) (date) somecgi.cgi
2) If owned by you, it must include the same group that httpd's a part of
(if the webserver is part of the daemon group for example):
-rwxr-xr-- # gauravag daemon (size) (date) somecgi.cgi
3) If your security schema is not comfortable with assigning ownership or
group ownership of the file to the webserver process, then you must allow
"others" to run the file (less secure):
-rwxr-xr-x # gauravag somegroup (size) (date) somecgi.cgi
#2 would be the most preferable to help prevent hacking (your system is
only as secure as the script that is being run). It's owned by a user
other than the one httpd is running as, the group can only read and run
it, and others (via telnet) can only read the file.
You're likely getting the 403 errors because the OS is not allowing
httpd to run the file.
On Sun, 5 Sep 1999, Gaurav Agarwal wrote:
> Date: Sun, 5 Sep 1999 16:27:49 +0530
> From: Gaurav Agarwal <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: httpd.conf
>
> This is in reference to the query i posted earlier on this mailing list.
> After sufficient amount of fiddling with the httpd.conf file, i have come to
> a point where on trying to execute a .cgi file in browser, i get the 403
> Forbidden Error. I have tried my best, and also went thru the whole apache
> manual, but to no avail.i am attaching the httpd.conf file herewith, and i
> would appreciate if someone would help me out ...
> I am sorry if the attachment took a bit longer to download, but that was the
> only way out for me...
> Thanks a lot in advance,
> Guarav
>
> --- original message ---
> >>I am using Apache under Red-Hat 6. it is configured
> >>properly, and displays the .htm files
> >>correctly, but when i try to run a .cgi executable,
> >>it either shows the script source, ar if i
> >>rename the script to .pl the browser gives the save-file-as window.
> >>I read the Apache FAQ, and added
> >>AddHandler cgi-script .cgi
> >>and also the ExecCGI option, using the comanache editor (actually i even
> edited the file by
> >>haned, so i am sure i put it n the proper place.)
> >>The script was chmodded as 775.
> >>Thanks a lot,
> >>Gaurav.
> Gaurav Agarwal
> Webmaster - prayagonline.com
> [EMAIL PROTECTED]
> www.prayagonline.com
>
