The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP Security

Discussion in 'Security' started by HARD, Jan 10, 2007.

  1. HARD

    HARD Member

    Joined:
    Jul 21, 2005
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Hello ,

    I would like to ask you about a few things

    1. How can i disable using local php.ini files ? i read about setting allowoverride but does it has anything to do with the php.ini file ? or just with htaccess ?

    2. i have cPanel installed ... how can i set specific settings for users ? i cant find users configurations in httpd.conf file ... where does it located? or how it can be set in the main httpd.conf file

    3. i tryed to disable "cgi access" for some user but he still able to use files with ".pl" extension and execute perl scripts is that a bug in cPanel ? or am i missing something ?
     
  2. HARD

    HARD Member

    Joined:
    Jul 21, 2005
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Any Help ?

    any body can comment on what i wrote ?
     
  3. mOdY

    mOdY Well-Known Member

    Joined:
    Dec 25, 2004
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    May be you need to comment out those lines from httpd.conf

    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    AddHandler cgi-script .cgi .pl

    This will totally prevent execution of cgi scripts..

    Also you may need to let cpanel run it's own cgi script smoothly..

    Add this in httpd.conf


    <Directory /usr/local/cpanel>
    Options +ExecCGI -Includes
    AddHandler cgi-script .cgi
    </Directory>


    Now let script kiddies search for another way to break in ;)
     
Loading...

Share This Page