[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] htaccess & cgi

Subject: [cobalt-security] htaccess & cgi
From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
Date: Fri, 02 Nov 2001 13:26:54 -0600
Organization: anonymous
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I have a Qube2 directory password protected with .htaccess of

AddType text/x-server-parsed-html .html .shtml
AuthUserFile /home/groups/home/robolist/meminfo/.htpasswd
AuthGroupFile /dev/null
AuthName "RoboList Members"
AuthType Basic
<Limit GET PUT POST>
require valid-user
</Limit>

It works fine for .html files in the directory.

However, if I have a cgi script in the same directory and do a 

http://<domain>/cgiwrapDir/cgiwrap/robolist/meminfo/who.pl

the script is executed without asking for userid and password. 

I have tried various changes to the htaccess file to include cgi types of
files, but have not hit upon the correct format. Other than putting password
code in who.pl, can anyone suggest changes to the htaccess file to force
password checking for who.pl also.

Thanks,  Mike.

Prev by Date: RE: [cobalt-security] cannt telnet after installing SSH
Next by Date: RE: [cobalt-security] cannt telnet after installing SSH
Previous by thread: RE: [cobalt-security] cannt telnet after installing SSH
Next by thread: [cobalt-security] Suggested Firewalls [raq4r]

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index