The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I don't give any account CGI access, but all account can running CGI programs!

Discussion in 'General Discussion' started by Jedia, Jul 31, 2004.

  1. Jedia

    Jedia Well-Known Member

    Joined:
    Mar 18, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    CN
    :confused:
    i don't give any account CGI access, but all account can running CGI programs!??!?!
    they can run CGI programs without in "cgi-bin", what's wrong with it? :confused: :confused:
    my server running RA3+Cpanel stable 65
     
  2. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Remove the addhandler from httpd.conf
     
  3. Jedia

    Jedia Well-Known Member

    Joined:
    Mar 18, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    CN
    Thanks, all fine now.
    but what's wrong? does Cp bug?
     
  4. jimjoe

    jimjoe Well-Known Member

    Joined:
    Jan 31, 2002
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    Has there been any fix to this cgi disable issue, so that you don't have to go in and custom edit httpd.conf?

    I don't see how to remove cgi from an account once the account has been created. I know you can 'upgrade/downgrade' an account, but will that remove cgi if it's there? And will it solve the problem above where it's not really disabled even tho it's set for no cgi?

    Thanks!
     
  5. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    If you put

    AddType text/txt .cgi
    AddType text/txt .pl

    within the user's virtualhost entry in httpd.conf you can prevent most users from running them. I believe that an experienced user could still add an .htaccess file to their public_html folder and allow themselves to run cgi under a different extension, though.
     
  6. Jedia

    Jedia Well-Known Member

    Joined:
    Mar 18, 2004
    Messages:
    200
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    CN
    but user can del .htaccess in their public_html dir, how to deny user del .htaccess please?
     
  7. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    You put it in their virtualhost entry in httpd.conf. Not an .htaccess file.
     
Loading...

Share This Page