Hi,

I need help on the settings for a cgi-bin.
Using IIS5 on win2k (its my home server for testing)

I have UBB (sort of like vBulletin which I may change over to but thats another story)

Basically, UBB stores the usernames and passwords in a subdirectory of the cgi-bin. When I was with my old host they had my CGI bin set up perfectly.

Basically, users can run scripts and thats it. They could not browse the directory and they could not download files even if they knew the file name.

Can anyone PLEASE tell me the settings to do this???
I cant have people downloading usernames and passes from my cgi-bin :(

Sel

Sel,

I'm presuming that you can actually run cgi scripts without a problem?

Have you checked under web properties that -
Script Source Access, Read, Write are enabled?

Also check that you have set the correct execute permissions.
Remeber these must apply to the directory with your script stored on.

Additionally you might want to check that under 'Enable Default Documents' *.cgi and *.pl are included.

You may want to also ensure that 'Active PERL' (latest version) is installed on your machine - it sorted out most of my problems.

Hope this helps

Regards
Eladesor.

Yes. CGI and .pl run perfectly fine. I just dont want the normal web users to be able to browse or download.

I turned off Browsing so thats not a problem. But web users can still download files if they know the name. How do I stop this????
Its my only problem. They can download and I dont want them to be able to...

Sel

Have looked through my system for a solution and can't come up with a drirect 'Yes do this'

You might want to try unchecking the Script Source Access so users cannot access source files.

Will keep looking - if I find the answer I post it !

Regards
Eladesor

..that you DONT want people to download?

Ok, there's most likely a much better way of doing this, but as long as it's just the non pl & cgi files you don't want them accessing you could put the following in an .htaccess file inside the cgi-bin directory.

order deny,allow
deny from all
<Files ~ "\.(pl|cgi)$">
allow from all
</Files>


If you need to allow html or image files just change the 3rd line to:
<Files ~ "\.(pl|cgi|htm|html|gif|jpg)$">

You can add or remove whatever extensions you want, I think you get the point. Hope that helps.

I thought that only worked with Linux.

rgds

Oh shoot... I need more caffeine. Skipped over that win2k part. I know nothing about win2k except my digital camera isn't compadible with it. :D Sorry for any false hope I may have given.

Is anyone out there using UBB or any cgi bbs. They store the passwords in the cgi-bin. But even if you know the filenames you cannot download them even if you point to them directly.

I just wish I had the settings to do this... bah lol

Sel

Have you tried posting this on the UBB site's Bulletin Boards or searching for an answer through there?

http://ubbforums.infopop.com/cgi-bin/ultimatebb.cgi