-NoExecCGI and images

inetbizo

inetbizo

Well-Known Member
Mar 28, 2008
90
2
58
Ocala, Florida, United States of America
cPanel Access Level
Root Administrator
Twitter
We're trying to prevent hackers from uploading perl scripts into apache writable folders in our ecommerce packages. Adding -NoExecCGI disables view of images on the rendered page. What would be a good solution to prevent XSS attacks using perl from a post to folder where images are stored?
 
ModServ

ModServ

Well-Known Member
Oct 17, 2006
337
5
168
Egypt
cPanel Access Level
Root Administrator
This error because of 500 Internal Server Error because of there isn't something named "-NoExecCGI" it's named "-ExecCGI"

To allow it then you have to put "+ExecCGI" to disable "-ExecCGI"

You can put these in the main httpd.conf replacing the current in the " Directory "/" "

PHP: 
<Directory "/">
    Options -ExecCGI -FollowSymLinks -Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
    AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,Includes,MultiViews,SymLinksIfOwnerMatch
</Directory>
Also you can simply put a rule into Mod Security to prevent working with *.pl...
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
C SOLVED Images not displaying with HTTPS Security 4
sneader How to enable Hotlink Protection, but allow images in eBay auction? Security 9
G How can I prevent people from downloading my images? Security 1
A How do I use images outside my website? Security 4
Q after upgrade from EasyApache jommla stop and security images Security 9
Similar threads
SOLVED Images not displaying with HTTPS
How to enable Hotlink Protection, but allow images in eBay auction?
How can I prevent people from downloading my images?
How do I use images outside my website?
after upgrade from EasyApache jommla stop and security images
Top Bottom