• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

CGI-BIN scripts not executing.

B

Brian Clarke

Guest
Hi Guys..

I am moving domains from a dedicated server which runs windows to a new server running linux with a plesk control panel version 9.2.2.

On the old server I have hosts that call php files in the cgi-bin (always been advised to put sensitive files in a cgi-bin preferably not in the web site folder). This is how plesk would have it anyway and it defaults to a cgi-bin above the httpdocs folder.

So when I move the sites, any call to cgi-bin is directed to <domain>/cgi-bin not <domain>/httpdocs/cgi-bin as it was on the windows server.

I have made a copy of domain/conf/httpd.include file and note

</IfModule>
ScriptAlias /cgi-bin/ /var/www/vhosts/balloonavailability.co.uk/cgi-bin/ Alias /plesk-stat /var/www/vhosts/balloonavailability.co.uk/statistics/
<Location /plesk-stat/>
Options +Indexes
</Location>


It appears that this file sends all my cgi-bin/XXXX.php calls to the <domain>/cgi-bin folder.
This would be ok, however when a script is placed in this folder it will not execute, it just asks the user do you want to download this file?
(I have checked folder permissions 750, but file permissions are 644 (no execute) and I am unable to change them)

I don’t mind that the plesk system demands that I put scripts in the cgi-bin folder, but if it does it must allow them to execute.

It would be better if the system allowed me to have a cgi-bin folder under httpdocs, i.e. <domain>/httpdocs/cgi-bin/etc...

This cannot just be a problem for me surely, with all systems deployed this must have come up before?

I can run php scripts anywhere in the httpdocs folder as long as they are not refered to as in a cgi-bin folder, but some sites have been developed calling the cgi-bin and these sites now fail.

Notes from a other searches....

//*****
Tips and Suggestions

CGI-BIN:
On our server CGI scripts can be executed in all directories! The main complaint that users of the PLESK system have always had is that the cgi-bin directory is outside of the main Web directory (httpdocs). Most other system have the cgi-bin folder inside the main folder, and many standard CGI scripts do therefore not work without changing paths in/to these scripts. This can be tiresome. We therefore enabled the server to execute CGI scripts anywhere, in any directory (you still have to set the permissions right, of course ... chmod 755, and so forth). In other words, you can, if you like, create a CGI-BIN folder within the httpdocs folder to store your cgi scripts there. Perl scripts (.pl), on the other hand, can only be executed in the original CGI-BIN folder.
One more point: PSA utilizes Suexec as a CGI wrapper for security. The Suexec wrapper prevents the CGI script from having permissions set over 755. Scripts should run fine with 755 permissions.

Pre-installed Scripts

To do this you have to modify the httpd.conf file - there will be a section in this file that's commented out -

# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
#
# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.
#
# To use CGI scripts:
#
# AddHandler cgi-script .cgi

remove the "#" in front of the last line, save the file, restart apache.
//*****

O.K. My file is not called httpd.conf its called httpd.include, also it does not refer to AddHandler.
Taking out the lines..

ScriptAlias /cgi-bin/ /var/www/vhosts/balloonavailability.co.uk/cgi-bin/
(its refered to twice once for port 80 and the other for the secure port.

This has no effect after restarting the server.


Plesk offer free support for the first month from installation, but advise me that as the panel was supplied by a reseller I have to apply to them and they appear to be struggling with this or are just overloaded and have not resolved it after two days.

Anyone there that knows what I am talking about? Have you had a similar problem? have you resolved it, or do you have a work around?

Help would be greatly appreciated.

regards
Brian
Computaphile
 
So CGI-BIN for cgi scripts not php scripts..

Got a reply from my reseller, php scripts will not run in the cgi-bin because only cgi scripts are enabled to run in that folder as a default....

Sounds reasonable... So I have been under the assumption that it was sensible to put sensitive scripts in a folder, not in the main web folder, for security purposes. That is scripts that access databases etc. and cgi-bin folder is made just for that?

Other servers I have used (windows) have a cgi-bin in the main web folder and I had always assumed that this was a protected folder and have put php scrits in there and have had no issues..

So when moving to linux I naturally assumed that I would be able to use the same named folder in the same way. Nothing natural about my assumption apparently.

So to sum up, wasted two+ days trying to achieve something that was not supposed to happen.

However I have used linux servers that do allow php scripts to run in their cgi-bin so what is happening there?


Is this normal pr not?


regards
Brian
 
Back
Top