httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Murch" <jmu...@cox.net>
Subject RE: [users@httpd] Apache CGI security / Reverse problem: POST works, GET doesn't
Date Mon, 16 Jul 2007 14:36:12 GMT
Happy Monday all,

 

I'm getting closer with my hardened reverse proxy /mod_security.  I'm at the
point now where almost everything works, until I get to the GETs. The posts
all work fine, the GETs don't, both to the same cgi executable.   When you
don't go through the proxy the GETs work fine.  Is this something that is
intuitive to someone out there?

 

Jeff

 

 

 

From: Carlos Eduardo Maiolino [mailto:maiolinux@gmail.com] 
Sent: Monday, July 16, 2007 5:25 AM
To: users@httpd.apache.org
Subject: [users@httpd] Apache CGI security

 

Hello Friends.

I need tips to add more security in my Apache Server. Mainly with
cgi-scripts, 
I use the suEXEC, but, with a cgi-script (perl), I obtain a list of the
/etc/passwd.

Example:

#!/usr/bin/perl 

system("cat /etc/passwd");




how to solve these problems?

Thank's

 


Mime
View raw message