#1
  1. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2003
    Location
    Thessaloniki
    Posts
    1,285
    Rep Power
    13

    Question Source Code viewed as plain text


    I wite Python scripts:

    i noticed for a forum member that people coudl access my all my python scripts as:

    http://superhost.gr/~nikos/cgi-bin/metrites.py

    is there someway to not make this viewable?
    What is now proved was once only imagined!
  2. #2
  3. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2003
    Location
    Thessaloniki
    Posts
    1,285
    Rep Power
    13
    And as i see even more worse:

    http://superhost.gr/~nikos/cgi-bin/

    all filenames of my python scripts are listed as palin text so for the worls to see.
    What is now proved was once only imagined!
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Location
    Saint-Petersburg, Russia
    Posts
    240
    Rep Power
    29
    you can use .htaccess file to deny access to some or any files inside given folder etc.
  6. #4
  7. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2003
    Location
    Thessaloniki
    Posts
    1,285
    Rep Power
    13
    i have created in ~/www/.htaccess with the option of:

    IndexIgnore *

    Now the listing has been dissappeared.

    But if someone know the filename of a python file he cna still access it as:

    http://superhost.gr/~nikos/cgi-bin/filename.py

    like for example: http://superhost.gr/~nikos/cgi-bin/metrites.py

    My scripts can be seen by filename request.
    What is now proved was once only imagined!
  8. #5
  9. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Location
    Saint-Petersburg, Russia
    Posts
    240
    Rep Power
    29
    What is the problem with googling how to use .htaccess for hiding some files?

    Example
  10. #6
  11. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2003
    Location
    Thessaloniki
    Posts
    1,285
    Rep Power
    13
    I just did, hence my previous post.

    But that directive alone does not help much.
    What is now proved was once only imagined!
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Oct 2009
    Location
    Nebraska, USA
    Posts
    875
    Rep Power
    276
    go into your apache.conf/httpd.conf file and make sure mod_cgi module is loaded and that you have a line down in your Script-Alias section that starts like this AddHandler cgi-script .

    It should already have .cgi .pl there next to it, so, just add .py to the end of that list, save the file and restart Apache.
    If you , then, start getting 500 errors when trying to load the .py files, make sure the file are set with chmod+x and chowned by the apache user [either "nobody" or "www-data" or similar]
  14. #8
  15. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2003
    Location
    Thessaloniki
    Posts
    1,285
    Rep Power
    13
    I will try that, that is supposed to tell Apache the .py extension are to be handled as executable scriprs rather than to be served as plain texts?
    What is now proved was once only imagined!
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Oct 2009
    Location
    Nebraska, USA
    Posts
    875
    Rep Power
    276
    Originally Posted by Nik
    that is supposed to tell Apache the .py extension are to be handled as executable scripts rather than to be served as plain texts?
    Yes, it will allow Apache2 to serve the .py extension as cgi-scripts instead of plain text.
  18. #10
  19. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2003
    Location
    Thessaloniki
    Posts
    1,285
    Rep Power
    13
    Thank you it worekd.

    I didnt find any line containing mod_cgi though

    and i dint had to chowned by the apache user [either "nobody" or "www-data" or similar] (Why do you say this?)

    i just add the '.py' extension next to AddHandler cgi-script.

    And it worked. Is this correct though?
    What is now proved was once only imagined!
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Oct 2009
    Location
    Nebraska, USA
    Posts
    875
    Rep Power
    276
    If it worked, then, what you did is correct.

    And, since you didn't find mod_cgi in your .conf file it means you are most likely using some Linux Distro....which uses a different way of enabling/disabling the modules.

    but, again, since it worked, it means that mod_cgi module is already enabled.

    As for the purpose of chowning the files , its something I read in my research...if you would've gotten a 500 error while trying to run the .py file on the webserver, in my research, it meant that there were permissions issues. But, you didn't get that , so, it can be disregarded.

    Glad its working for you now.
  22. #12
  23. Contributing User
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2003
    Location
    Thessaloniki
    Posts
    1,285
    Rep Power
    13
    Yes iam using CentOS v6.4

    But the cgi-bin folder is set to 755, permission issues i ahve only if its not 755.
    That ehen Apache cant access it.

    and the owner of the cgi-bin is nikos.

    i thinks its not an issue of who ones the cgi-bin folder but what perms the folder is set to.
    What is now proved was once only imagined!

IMN logo majestic logo threadwatch logo seochat tools logo