Apache server. There is a python script in http/cgi-bin which is used to display some content on a page. But a user can then do \<website>/cgi-bin/<script_name> to access it directly, which is a bit ugly. Is it possible to prevent this? The same thing for favicon.ico on http/
Asked
Active
Viewed 949 times
0
Carla is my name
- 109
-
Kind of like how I can do https://cdn.sstatic.net/Sites/serverfault/Img/logo.svg – stark Mar 17 '21 at 19:05
2 Answers
0
It depends if the browser itself runs the script, in which case you can't block it. But if you have a another page that includes it or calls it locally then you can prevent web access to the /cgi-bin/ directory.
In the httpd.conf or vhost include .conf or in an .htaccess file you can put
<Directory "/full/absolute/path/to/website/cgi-bin">
Require all denied
</Directory>
As far as blocking the favicon.ico you can't if you still want people to see it in their browsers. Keep this in mind, anything you block access to, means the browser can't access it. So if you want to block the icon so no one can see it then it is easier to just delete the icon file.
Private_Citizen
- 65
- 5
0
<Directory /path/to/dir>
DirectoryIndex file.cgi
</Directory>
See DirectoryIndex. This doesn't block the client from executing file.cgi, but it does mean that it doesn't have to be part of the URL.
Andrew Schulman
- 8,811
- 21
- 32
- 47