On Thu, 22 Jul 1999, you wrote:
-If you haven't changed your httpd.conf, it should be on line 403. Change
-it to:
-Options Indexes Includes FollowSymLinks ExecCGI
This will work but I disagree with it being the "right" solution. It
is better to leave the default to the most restrictive settings
reasonable and open them up on a case by case basis.
-RedHat's configuration is pretty insecure by default and I have seen many
-sites get hacked. On Mandrake, I made sure it was easy enough for
-beginners, while secure.
-
-By the way, don't **ever** put a cgi chmoded 777! It's world writable and
-executable, and anyone with knowledge can take control of your cgis if you
-do that. Please, chmod it to 755.
Very good advice. I "hacked" one of my employers's databases (it's
part of my job :-) using just this technique.
-Jean-Michel
[EMAIL PROTECTED]
-
-On Thu, 22 Jul 1999, Axalon wrote:
-
- Date: Thu, 22 Jul 1999 18:33:01 -0600 (MDT)
- From: Axalon [EMAIL PROTECTED]
- Reply-To: [EMAIL PROTECTED]
- To: "[EMAIL PROTECTED]" [EMAIL PROTECTED]
- Subject: Re: [expert] apache 1.3.6 and .cgi scripts not in cgi-bin
-
-
- Make sure you have a "Options ExecCGI" in the section covering the
- directory in question.
-
-
- On Thu, 22 Jul 1999, Duncan Hall wrote:
-
- I've uncommented the line in httpd.conf
-
- # To use CGI scripts:
- AddHandler cgi-script .cgi
-
- I'm using apache-1.3.6-50mdk
-
- When I try to run a script that is not in the cgi-bin I get the following Error
-
- 403
-
- Forbidden
-
- You don't have permission to access /Weekly/CHARTS/index.cgi on this server.
-
- To test it I have chmod 777 but still no luck.
-
- Before I get flamed about perl scripts not in cgi-bin, this script is on a secure
intranet.
-
- It worked perfectly on redhat 5.2 with apache 1.3.2
-
- Any thoughts
-
- Dunc
-
- --
- //
- Duncan Hall
- SysAdmin/WebMaster
- Viator Systems [ http://www.viator.com ]
- ... e-commerce systems for the travel industry
- tel: +61 2 9361 6137 fax: +61 2 9360 9885
- -//
-
-
-
-
--
Stephen Carville
--
Operating complicated machinery whilst possessed of the
cognitive powers of a sea slug and the disposition
of a polar bear with a toothache is very unwise