December 2002
Intermediate to advanced
588 pages
25h 57m
English
Content preview from Apache: The Definitive Guide, 3rd EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Script in cgi-bin
Use ScriptAlias
in your host’s
Config file, pointing to a safe location outside your web space. This
makes for better security because the Bad Guys cannot read your
scripts and analyze them for holes. “Security by
obscurity” is not a sound policy on its own, but it
does no harm when added to more vigorous precautions.
To steer incoming demands for the script to the right place (.../cgi-bin ), we need to edit our ... /site.cgi/conf/httpd1.conf file so it looks something like this:
User webuser Group webgroup ServerName www.butterthlies.com #for scripts in ../cgi-bin ScriptAlias /cgi-bin /usr/www/APACHE3/cgi-bin DirectoryIndex /cgi-bin/script_html
You would probably want to proceed in this way, that is, putting the script in the cgi-bin directory (which is not in /usr/www/APACHE3/site.cgi/htdocs), if you were offering a web site to the outside world and wanted to maximize your security. Run Apache to use this script with the following:
./go 1
You would access this script by browsing to http://www.butterthlies.com/cgi-bin/mycgi.cgi.