Hey Falko and Till, I have an issue with the Standard CGIs checkbox on the sites panel. My understanding was that it was blocking access to CGIs when not checked but it seems that even unchecked I am able to use the CGIs in /usr/lib/cgi-bin by using ScriptAlias in the Apache Directives. When making a diff on the /etc/apache2/vhosts/Vhosts_ispconfig.conf and its previous version I see there is absolutely no change when checking or unchecking this option. So my questions would be : what is it for exactly ? How is it suppose to work ? If it can help here is my configuration : - Debian etch Stable 64bits - Apache 2.2.3 - PHP 5.2.0.8 - ISPConfig 2.2.21 (same problem before upgrade on 2.2.19) I don't think this is a bug, all my CGIs are working (viewvc, nagios2...) but I don't really like the fact that any client can access the CGI by adding a simple ScriptAlias ... Thanks in advance Keep up the great work LeTic
If their is any cgi scripts placed by the system administrator in the folder Code: /root/ispconfig/standard_cgis/cgi-bin When you check standard cgis. Then it should copy the cgis from the standard-cgi folder to the appropriate webs cgi-bin folder for use.
Hi Daveb, Thanks for the answer. So I guess there is no way to prevent a client from using CGIs with ScriptAlias once the cgi module is enabled ? LeTic
If you activate cgi for a web then yes they should be able to use cgi scripts but if cgi is not enabled then no the web should not be able to use cgi scripts. If you still can use cgi even if cgi is disabled then you might want to look at your main apache2 conf and make sure that their is no alias for cgi-bin enabled.
So that means, becaus I ran in a similar problem, the "cgi-bin" folder in the webs home dir is for standardcgi files from the path "/root/ispconfig/standard_cgis/cgi-bin" only? Because if i hit www.mydomain.com/cgi-bin/anything.cgi, the log says 404, /home/www/webxx/web/anything.cgi is not found. EDIT: The above mention function is not working. I copied a cgi file to "/root/ispconfig/standard_cgis/cgi-bin", enabled standard-cgi afterwards, but it is at first not copied to the web's cgi-bin folder, and as described I get the 404 anyway, because the cgi-bin folder is not accessible.
hmm works fine here. make sure your cgi files in /root/ispconfig/standard_cgis/cgi-bin are chmod 755. when you enable standard cgis all that is done is they are wrote to the cgi folder, but you must still enable cgi scripts to use cgi scripts. no, you can upload all the cgis you need. the /root/ispconfig/standard_cgis/cgi-bin/cgi's are for say standard cgis of your choice you would like your users to use or say some sort of test file so the new web owner can test.
Well that's my problem. All website can use CGIs even when it's unchecked in ISPConfig site tab. Concerning my Apache configuration here are the details : In /etc/apache2/apache.conf I have the following : Code: <Directory /var/www/*/cgi-bin> Options ExecCGI -Indexes AllowOverride None AllowOverride Indexes AuthConfig Limit FileInfo Order allow,deny Allow from all <Files ~ "^\.ht"> Deny from all </Files> </Directory> Which is in ISPConfig part of the file. /etc/apache2/mods-enabled/cgi.load Code: LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so But in all my vhost I'm able to use the cgi by adding ScriptAlias in the Apache directives ie Code: ScriptAlias /nagios2/cgi-bin /usr/lib/cgi-bin/nagios2 I made a grep on all /etc and couldn't find any conf files that would change the CGI behaviour. From what I could read in Apache documentation ScriptAlias is enough to make cgi-bin working (no need for ExecCGI), so I think it's not possible to prevent clients from running the cgi-bin installed on the server except I guess with a deny from all on /urs/lib/cgi-bin which could be overridden as well in the apache directives by the client. What do you think ? LeTic
Yes, the file was with the right rights. But for my opinion ISPCOnfig should not care when copying. But anyway, ISPConfig did not copy at all, but mabye becasue I did not check both checkboxes, instead I just checked the standardcgi one...
@letic that is fine as that is added by ispconfig didnt realize that but a normal user "customer" dont have the access to add or change apache directives. only Admin and resellers from what I can tell. @Ben I agree ispconfig dont care when coping but your cgi will need to be executable and the only way I have been able to accomplish that is to chmod 755 my cgis before they are copied.
@daveb: i see. but I just reproduced it. Had myfile.cgi with chmod 755 in the mentioned dir but it was not copied.
by chance is their a file in your cgi-bin dir .csc if so I had a problem coping cgis over a second time. I deleted that file then reenabled standard cgis for web and then they were copied.
I'm not sure if this is same problem. Up until I started using ISPconfig 2.2.21 my cgi scripts were working fine. I now find if I check the CGI scripts for a server instead of getting a ScriptAlias /cgi-bin/ /var/www/web5/cgi-bin/ I get Alias /cgi-bin/ /var/www/web5/cgi-bin/ with a bit of poking about I found config.lib.php has Code: $cgi = ""; if($web["web_cgi"] == 1) $cgi = "Alias /cgi-bin/ ".$mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"]."/"."cgi-bin/ AddHandler cgi-script .cgi AddHandler cgi-script .pl"; /* if($web["web_cgi"] == 1) $cgi = "ScriptAlias /cgi-bin/ ".$mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"]."/"."cgi-bin/ AddHandler cgi-script .cgi AddHandler cgi-script .pl"; */ Changed "Alias" to ScriptAlias" and that fixed my problem. regards, Tom.
