Use ScriptAlias
in your host’s
Config file, pointing to a safe location outside your web space. This
makes for better security because the Bad Guys cannot read your
scripts and analyze them for holes. “Security by
obscurity” is not a sound policy on its own, but it
does no harm when added to more vigorous precautions.
To steer incoming demands for the script to the right place (.../cgi-bin ), we need to edit our ... /site.cgi/conf/httpd1.conf file so it looks something like this:
User webuser Group webgroup ServerName www.butterthlies.com #for scripts in ../cgi-bin ScriptAlias /cgi-bin /usr/www/APACHE3/cgi-bin DirectoryIndex /cgi-bin/script_html
You would probably want to proceed in this way, that is, putting the script in the cgi-bin directory (which is not in /usr/www/APACHE3/site.cgi/htdocs), if you were offering a web site to the outside world and wanted to maximize your security. Run Apache to use this script with the following:
./go 1
You would access this script by browsing to http://www.butterthlies.com/cgi-bin/mycgi.cgi.