Knowledge Base / How to Disable CGI through .htaccess

Warning:

This is an unsupported solution. Back up your server before you perform this action.

Overview

To prevent the use of CGI scripts in directories other than cgi-bin, you must disable individual .htaccess files’ ability to override the server settings.

This procedure disables many of the commonly-used website scripts that depend on this functionality (for example: WordPress and Joomla). You should only use this procedure as a last resort.

How to disable CGI through .htaccess

To disable CGI through .htaccess, perform the following steps:

  1. Log in to your server via the command line as the root user.
  2. Change to the /usr/local/apache/conf/ directory:
    cd /usr/local/apache/conf/
  3. Make a backup of your httpd.conf file:
    cp httpd.conf httpd-old.conf
  4. Locate the section similar to the following example:
    <Directory "/">
        Options +ExecCGI +FollowSymLinks +Includes +IncludesNOEXEC +Indexes -MultiViews +SymLinksIfOwnerMatch
        AllowOverride All
    </Directory>
  5. With your preferred editor, edit httpd.conf and change the line AllowOverride All to AllowOverride None.

    Note:

    Because every configuration is different, read http://httpd.apache.org/docs/2.2/mod/core.html to see where the AllowOverride line should go.

  6. Run the distiller with the following command:
    /usr/local/cpanel/bin/apache_conf_distiller --update 

Your server will now only allow CGI scripts to run in the cgi-bin directories.
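To confirm the edit from step 5, the following added example (not part of the original article or of cPanel's tooling) lists every `<Directory>` block in an Apache configuration file with its AllowOverride value and flags any block that still permits .htaccess overrides. The function names, the sample configuration, and the `/home/example/public_html` path are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the AllowOverride value of each <Directory> block.

# Print "<path><TAB><value>" per block; "(inherited)" means the block sets none.
audit_allowoverride() {
    awk '
        tolower($0) ~ /^[ \t]*<directory[ \t]/ {
            path = $0
            sub(/^[ \t]*<[A-Za-z]+[ \t]+/, "", path)   # drop "<Directory "
            sub(/>[ \t]*$/, "", path)                   # drop closing ">"
            gsub(/"/, "", path)
            value = "(inherited)"; inblock = 1; next
        }
        # Directive names are case-insensitive; commented lines have $1 = "#..."
        inblock && tolower($1) == "allowoverride" {
            value = $2
            for (i = 3; i <= NF; i++) value = value "," $i
        }
        tolower($0) ~ /^[ \t]*<\/directory>/ {
            if (inblock) printf "%s\t%s\n", path, value
            inblock = 0
        }
    ' "$1"
}

# Succeed only if no block explicitly allows .htaccess overrides.
overrides_disabled() {
    ! audit_allowoverride "$1" |
        awk -F '\t' '$2 != "(inherited)" && tolower($2) != "none" { bad = 1 }
                     END { exit !bad }'
}

# Constructed sample: the block from step 4 after the edit, plus a hypothetical
# per-site block that still allows overrides.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Directory "/">
    Options +ExecCGI +FollowSymLinks +Includes +IncludesNOEXEC +Indexes -MultiViews +SymLinksIfOwnerMatch
    AllowOverride None
</Directory>
<Directory "/home/example/public_html">
    #AllowOverride None
    AllowOverride FileInfo Options
</Directory>
EOF
audit_allowoverride "$sample"
overrides_disabled "$sample" || echo "WARNING: some blocks still allow .htaccess overrides"
```

On a real server, pass the path of the edited httpd.conf to `audit_allowoverride` instead of the sample file. The script reads only the file it is given and does not follow Include directives.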

How to re-enable CGI through .htaccess

If you wish to restore CGI access to directories other than cgi-bin, perform the following steps:

  1. Log in to your server through the command line as the root user.
  2. Change to the /usr/local/apache/conf/ directory:
    cd /usr/local/apache/conf/ 
  3. Restore the original httpd.conf file:
    rm httpd.conf
    mv httpd-old.conf httpd.conf
  4. Run the distiller with the following command:
    /usr/local/cpanel/bin/apache_conf_distiller --update

Posted in: Cpanel