Disallowing access to parts of directory

[MemphiS]

http://mysite.com/cgi-sys/scgiwrap/

 

i wish to block this as its a security risk but im not sure how i can so if anyone knows please post

 

 

Thanks also if you know of any other security directories i need to block..

[scrupul0us]

<directory "/cgi-sys/scgiwrap/">

options None

allowoverride None

order deny, allow

deny from all

allow from 127.0.0.1

<directory>

 

put that in your httpd.conf

[MemphiS]

Where do i find the httpd.conf...?

[steviewdr]

In the folder scgiwrap, put a .htaccess file with:

 

deny from all

 

-steve

[MemphiS]

I look in File manager and the folder doesnt exist well thats what it says even though it clearly does exist... so i cant make a .htaccess o deny all :/

[MemphiS]

bump.. need to get this fixed... Ive check within all folders and changed the url address to directory to find the folder but it says internal error - couldnt find folder.. Extremly annoying.

[steviewdr]

As scrupul0us said, you need to find your httpd.conf. You said you could not find it? Did you do a "search" or a "Find Files"?

 

If its windows look in:

C:\Program Files\Apache Group\Apache2\conf

 

If its linux, look in:

/etc/apache2/

 

When you get httpd.conf, put the code, scrupul0us gave you.

 

-steve

[MemphiS]

using linux.. with cPanel

 

/etc/ has nothing in it that refers to /apache2/ ???

[steviewdr]

Hummm.... if there is no apache in /etc/ it mustnt be a typical install.

Check in /usr/apache or /usr/local/apache or /services/apache

 

Now specifically, it is not a security risk IMO that cgi-sys is there. Are the cgi files listed when you go to http://mysite.com/cgi-sys/scgiwrap/ ? That would be bad. But if there is no listing of files, it'd be fine.

 

Anyways, if you cant find httpd.conf or apache2.conf (which you should be able), here is a messy hack which may work:

 

In your web root, /var/www/

create a .htaccess file with this in it:

Redirect 301 "/cgi-sys/" http://mysite.com/

 

-steve