cgi-bin being blocked

Home Forums BulletProof Security Pro cgi-bin being blocked

Tagged: 

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • April 18, 2014 at 1:15 pm #14977
    Marty
    Participant

    I am trying to develop a separate mobile site in a subdirectory for which I am attaching a cart that is built with perl and cgi much of which will reside in the cgi-bin.  There is something in the secure .htaccess that is blocking access to the cgi-bin but I don’t see what it could be.  When I rename the .htaccess file (effectively disabling it), I then have access to it.  Any ideas?

    April 18, 2014 at 2:01 pm #14988
    AITpro Admin
    Keymaster

    The irony of your Post and the issue is well very ironic.  Using cgi-bin in the Forum Topic URL caused a 403 forbidden error when trying to view this topic.  I had to rename the URL to cgi_bin in order to view this topic since cgi-bin is explicitly blocked in URLs by BPS since this is a dangerous thing to allow.

    There is a cgi-bin security rule in the root .htaccess file.  Copy the entire BPS Query String Exploits section of code to BPS Custom Code, comment out the cgi-bin security filter with a Pound sign #, Save your custom code and then go to the Security Modes page and activate root folder BulletProof Mode.

    the rest of the BPS Query String Exploits code is here
#RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
the rest of the BPS Query String Exploits code is here
    April 18, 2014 at 3:25 pm #14991
    Marty
    Participant

    Can’t believe I missed that.  Thanks for the quick reply.

    April 18, 2014 at 3:55 pm #14992
    AITpro Admin
    Keymaster

    If it was a cgi-bin snake it would have bit you. ha ha ha.

    April 18, 2014 at 5:32 pm #14993
    Marty
    Participant

    You got that right.

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.