-NoExecCGI and images

**inetbizo** · 01-15-2011 11:28 AM

We're trying to prevent hackers from uploading perl scripts into apache writable folders in our ecommerce packages. Adding -NoExecCGI disables view of images on the rendered page. What would be a good solution to prevent XSS attacks using perl from a post to folder where images are stored?

**ModServ** · 01-17-2011 12:41 PM

This error because of 500 Internal Server Error because of there isn't something named "-NoExecCGI" it's named "-ExecCGI"

To allow it then you have to put "+ExecCGI" to disable "-ExecCGI"

You can put these in the main httpd.conf replacing the current in the " Directory "/" "

PHP Code:


<Directory "/">

    Options -ExecCGI -FollowSymLinks -Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch

    AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,Includes,MultiViews,SymLinksIfOwnerMatch

</Directory>

Also you can simply put a rule into Mod Security to prevent working with *.pl...

LinkBack

Thread Tools

-NoExecCGI and images

Re: -NoExecCGI and images

Hosting images.

Images in Images folder not showing on website!!

Apache not loading images/cssApache not loading images/css

Images

Need help with images