Hi Paul, restricting to 127.0.0.1 might actually block your legitimate users, as the POST request comes from their browser's IP, not the server itself. For Apache 2.4, the best practice is usually implementing CSRF tokens in your Perl script or using a Require expr block to check the HTTP_REFERER to ensure the hit is coming from your specific form URL.
Envoyé de mon iPad > Le 7 mai 2026 à 19:07, Stormy-SDLU <[email protected]> a écrit : > > Looking for best practice, please. A <virtualhost> uses html web forms that > pass data to a perl/cgi script /wherever/cgi-bin on the same server -- > unfortunately outside bad actors try to POST unwanted data into that script > directly. > > What is best practice to disallow all access to the cgi-bin except for the > local web form. I have a vague memory of 127.0.0.1 being usable by apache > 2.4.x > > Thanks in advance -- Paul > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
