In ispconfig manual, I can execute cgi scripts inside of cgi-bin directory. But, I can execute cgi outside of it. And, I place test.cgi inside of it and visit http://example.com/cgi-bin/test.cgi. Apache tell me 404 not found. What's difference between cgi-bin and web directory?
The cgi-bin directory is for executing cgi scripts. Normally you can not execute cgi scripts in the web folder, s it might be that you reconfigured your server to do that. The cgi-bin folder is a alias for www.yourdomain.tld/cgi-bin/ which get added when you enable cgi function in the web site settings in ispconfig.
Thanks Thanks But, I didn't reconfigure. I set up servers with this manual. http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-apache2-bind-dovecot-ispconfig-3 My configuration is insecure, isn't it?
Thats not a security problem. For a secure website setup it is important that you always enable the suexec checkbox in the website settings so that all cgi processes (inside and outside of the cgi-bin directory) are run as web user and client group of this website.
