We might decide to disable CGI on the server because of the consequences that weak CGI scripts can have on our server security.
If an attacker finds a vulnerability and manages to upload and run a CGI script, they can even gain root access to the server.
So how do we disable this on a cPanel box running the Apache web server?
You can turn off ExecCGI by unchecking the following via WHM:
Service Configuration > Apache Configuration > Global Configuration > untick ExecCGI
But even with this configuration in place, normal users can re-enable it via an .htaccess file by passing ExecCGI to the 'Options' directive (which you don't disable, as users need it).
So to make sure your users do not run CGI scripts, you can remove the CGI privilege by modifying the existing accounts on the server:
Home » Account Functions » Modify an Account
When this is in effect, the following gets added to the VirtualHost section of the account:
Options -ExecCGI -Includes
RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
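To audit for the .htaccess override described above, the following added example (not part of the original post, and not cPanel or Apache code) parses .htaccess content and reports directives that switch CGI back on. It goes slightly beyond the post by also flagging `Options All` and `AddHandler`/`SetHandler cgi-script`; the function names and the sample content are assumptions made for the illustration.

```python
# Option tokens that switch CGI execution on ("All" includes ExecCGI).
_CGI_ON = {"execcgi", "+execcgi", "all", "+all"}


def logical_lines(text):
    """Yield (line_no, line): backslash continuations joined, comments skipped."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no  # first physical line of this logical line
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        line, buf = (buf + raw).strip(), ""
        if line and not line.startswith("#"):
            yield start, line


def find_cgi_overrides(text):
    """Return [(line_no, directive)] for directives that re-enable CGI."""
    hits = []
    for no, line in logical_lines(text):
        parts = line.split()
        name = parts[0].lower()  # Apache directive names are case-insensitive
        args = [a.lower().strip('"') for a in parts[1:]]
        if name == "options" and any(a in _CGI_ON for a in args):
            hits.append((no, " ".join(parts)))
        elif name in ("addhandler", "sethandler") and args[:1] == ["cgi-script"]:
            hits.append((no, " ".join(parts)))
    return hits


# Constructed sample .htaccess content (not taken from a real account).
SAMPLE = """\
# user override
Options +ExecCGI \\
        +FollowSymLinks
AddHandler cgi-script .cgi .pl
Options -ExecCGI -Includes
options All
  # Options +ExecCGI (commented out)
RemoveHandler cgi-script .cgi
"""

if __name__ == "__main__":
    for no, directive in find_cgi_overrides(SAMPLE):
        print(f"line {no}: {directive}")
```

Run it over each account's .htaccess files and review any hit against the accounts that are supposed to have the CGI privilege removed.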
Thank you very much. By the way, it is also good to deactivate suexec if the module is loaded since it manages CGI users. CGI is less and less used today and for every CGI job it is possible to write a PHP script. So, rather than keeping CGI scripts, we should encourage using only PHP scripts because CGI scripts can crash any version of Apache still today.
Thank you for the suggestion.
Thanks for the easy and quick solution
You are most welcome