The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Virtualhost Conf - Disable Cgi?

Discussion in 'General Discussion' started by JohnnyBgood, Apr 17, 2015.

  1. JohnnyBgood

    JohnnyBgood Member

    Joined:
    Feb 6, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi guys,

    I'm working my way though making my server more secure - I've created custom httpd.conf files for each of my virtual domains (Because my httpd.conf told me too - I followed a guide, and im sure this was done right)

    My question is --

    If my httpd.conf file has this line:

    AddHandler cgi-script .cgi .pl

    If I put this in my custom conf file:

    # AddHandler cgi-script .cgi .pl

    Will cgi be disabled - or does it take the uncommented AddHandler from the actual conf file?


    I think other things should work, for example, in my custom file, I've put:

    ServerSignature Off
    TraceEnabled Off

    Which I think will override the "On" in the generated httpd.conf file -- what made me wonder is if a commented-out command would override the original file.


    Thanks for the help!

    Kind regards,
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    651
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you clarify the exact method you are using to modify the Apache configuration file? Also, are you attempting to disable Perl for security purposes? If so, I would like to paste to you the response from another analyst regarding a similar request:

    Thank you.
     
  3. JohnnyBgood

    JohnnyBgood Member

    Joined:
    Feb 6, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks for the reply Michael,

    I'm using Putty to ssh and then using the following command to edit the file...

    pico /var/cpanel/templates/apache2/main.local

    The changes I made stick in the "main.local" file -- but then I try to make the changes go over to the httpd.conf file with the following:

    # Checks changes are ok:
    /scripts/verify_vhost_includes

    # Rebuild apache:
    /scripts/rebuildhttpdconf

    # Restart Apache:
    /etc/init.d/httpd restart



    I'm hoping by disabling cgi -- even if a hacker is able to upload a script (however they do it - I don't know!) -- they wont be able to run the script once they get it on there.

    I've blocked all "bad" functions in PHP (eval,system,exec,etc) -- so if a hacker uploads a hacking shell in PHP - so hopefully they wont be able to do anything. But I don't use perl or cgi - so I'd just like to turn that off completely to stop hacking risks.

    Thanks again.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    651
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. JohnnyBgood

    JohnnyBgood Member

    Joined:
    Feb 6, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks again for your reply,

    But that guide wouldn't work either :(

    Because I'm using virtual hosts - any changes to my httpd.conf will not stay changed.

    I really need to know how I can make changes either in the httpd.conf template, or in a custom .conf file.

    Thanks again!
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    651
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Feel free to open a support ticket using the link in my signature if the methods provided in our documentation are not working as intended. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page