LiteSpeed Support Forums

LiteSpeed Support Forums (http://www.litespeedtech.com/support/forum/index.php)
-   CGI/Perl/Python (http://www.litespeedtech.com/support/forum/forumdisplay.php?f=22)
-   -   Close CGI for Litespeed [Help PLS] (http://www.litespeedtech.com/support/forum/showthread.php?t=4642)

nexterr 01-28-2011 05:55 AM
Close CGI for Litespeed [Help PLS]
 
Litespeed webserver installed on my server to use can cgi hosting accounts can I do? Many security risk, for example, causing the CGI hacking with cgi-telnet script is inevitable.

webizen 02-01-2011 10:58 AM
The latest 4.1RC4 (available from below) addresses this concern.

http://www.litespeedtech.com/package...4-linux.tar.gz
http://www.litespeedtech.com/package...6-linux.tar.gz
http://www.litespeedtech.com/package...6-linux.tar.gz

If your lsws reads httpd.conf from control panel, put the below config in your httpd.conf
Code:
<IfModule litespeed>
DisableCgiOverride On
</IfModule>
If you run native lsws config, put "DisableCgiOverride On" in Apache Style Configurations (Admin Console -> Configurations -> Server -> General).

"DisableCgiOverride On" is to prevent user from adding things like "AddHandler cgi-script .cgi .pl" at local .htaccess level.

cgi type context(alias) needs to be removed at virtual host level if you want to completely disable cgi.

Statskij 02-06-2011 11:31 AM
We have installed 4.1RC4 and made all operations in a message above with options -ExecCGI in http.conf but users still can run .cgi scripts. Have anyone suceessfully disabled .cgi in Litespeed?
webizen, maybe you can comment, what else can be wrong on our server?

webizen 02-06-2011 04:02 PM
pm your server temporary access so we can take a look


All times are GMT -7. The time now is 10:12 PM.