Hello,
I have several custom cgi scripts that will be accessible from within CPanel for each customer on the server (one of which is a file manager). I have created an area on the server called /cp-cgi and it's much like the /cgi-sys directory that CPanel uses, where I will put these custom cgi scripts.
I initially had my file manager and a few other custom scripts in the /cgi-sys directory, but I found out that there was no authentication on this directory, and that you could basically type in any domain name that is setup on the server, followed by /cgi-sys/scriptname.cgi, and the file mananger would run on that domain with NO authentication. Basically anyone could access other customers accounts. Not a good thing!
However I am trying to setup authentication on this /cp-cgi directory with no success...
My goal is this... As long as the customer has alredy entered their username and password to enter CPanel they should be able to access this /cp-cgi directory with no problems and with no further authentication. But if you just typed into your browser a domain name followed by /cp-cgi/script.cgi the system should prompt you for a username and password for that domain.
How do I do that? I tried several variations of the following in the httpd.con file, and also in an .htaccess file (minus the Directory statement) in that directory, but I couldn't get it to work:
&Directory &/home/httpd/cp-cgi/&&
AuthName &Control Panel&
AuthType Basic
AuthUserFile /etc/shadow
AuthGroupFile /etc/group
&Limit GET POST&
require valid-user
&/Limit&
&/Directory&
Any ideas of how I can get this to work correctly? Please help!!!
I have several custom cgi scripts that will be accessible from within CPanel for each customer on the server (one of which is a file manager). I have created an area on the server called /cp-cgi and it's much like the /cgi-sys directory that CPanel uses, where I will put these custom cgi scripts.
I initially had my file manager and a few other custom scripts in the /cgi-sys directory, but I found out that there was no authentication on this directory, and that you could basically type in any domain name that is setup on the server, followed by /cgi-sys/scriptname.cgi, and the file mananger would run on that domain with NO authentication. Basically anyone could access other customers accounts. Not a good thing!
However I am trying to setup authentication on this /cp-cgi directory with no success...
My goal is this... As long as the customer has alredy entered their username and password to enter CPanel they should be able to access this /cp-cgi directory with no problems and with no further authentication. But if you just typed into your browser a domain name followed by /cp-cgi/script.cgi the system should prompt you for a username and password for that domain.
How do I do that? I tried several variations of the following in the httpd.con file, and also in an .htaccess file (minus the Directory statement) in that directory, but I couldn't get it to work:
&Directory &/home/httpd/cp-cgi/&&
AuthName &Control Panel&
AuthType Basic
AuthUserFile /etc/shadow
AuthGroupFile /etc/group
&Limit GET POST&
require valid-user
&/Limit&
&/Directory&
Any ideas of how I can get this to work correctly? Please help!!!
