RE: Apache CGI security / Reverse problem: POST works, GET doesn't

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Happy Monday all,

 

I’m getting closer with my hardened reverse proxy /mod_security.  I’m at the point now where almost everything works, until I get to the GETs. The posts all work fine, the GETs don’t, both to the same cgi executable.   When you don’t go through the proxy the GETs work fine.  Is this something that is intuitive to someone out there?

 

Jeff

 

 

 

From: Carlos Eduardo Maiolino [mailto:maiolinux@xxxxxxxxx]
Sent: Monday, July 16, 2007 5:25 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Apache CGI security

 

Hello Friends.

I need tips to add more security in my Apache Server. Mainly with cgi-scripts,
I use the suEXEC, but, with a cgi-script (perl), I obtain a list of the /etc/passwd.

Example:

#!/usr/bin/perl

system("cat /etc/passwd");


how to solve these problems?

Thank's

 

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux