How to Disable CGI Scripts
To disable CGI scripts such as .cgi
, .pl
, etc, You need to turn off CGI within the Apache configuration, like so:
Options -ExecCGI
For control panel users, you may need to modify the related template to make the change permanent.
You must also prevent users from overriding the ExecCGI option. Do so with the DisableCgiOverride option by adding the following to /etc/apache2/conf.d/includes/pre_main_global.conf
:
<IfModule LiteSpeed> DisableCgiOverride On </IfModule>
When DisableCgiOverride is ON
, it will impossible to add new CGI scripts through .htaccess
. If you need to add a new CGI script handler, you have to do it in the virtual host config file, like this:
Options -Indexes +ExecCGI AddHandler cgi-script .pl
For more information, please read Closing the Loopholes.