Prevent +ExecCGI if is cgi disabled *template changes*

Version 1.43


If CGI is not enabled for a domain, .htaccess files should not be allowed to add ExecCGI Change all virtual_host2*.conf templates to add this at the top: |?ALLOW_OVERRIDE=AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,Includes,IncludesNOEXEC,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks,None| and this within the <Directory |DOCROOT| section: |*if CGI=""| |ALLOW_OVERRIDE| Options -ExecCGI |*endif| What this does, is specifies what options are allowed if cgi is disabled, and also disables cgi. The old values have also been removed from the templates, as they're redundant to the global defaults set under /etc/httpd/conf/* Options +Includes -Indexes

Interested to try DirectAdmin? Get a 30-day Free Trial!