CGI Script Locations
With the right Exec statements in the httpd configuration file (see Chapter 2, "Be Careful Who You Talk To: HTTP Basic Security" on page 9), the CGI scripts may be located anywhere on the system. You can also set up the server so that it recognizes files whose names end in *.cgi as CGI scripts.
We strongly suggest you do not do this. It is very hard to keep track of CGI scripts that are scattered all over the file system. Having them all in one cgi-bin directory makes it much easier to monitor them. When using AIX for the server, one can use the audit subsystem to trace write access to them or to the cgi-bin directory. The methods that are needed to implement this are discussed in 10.1.3, "Configuring the Audit Subsystem" on page 153.
In addition, the CGI scripts should not be accessible in the httpd’s data directories. This would allow anyone to get the scripts for analysis.
Symbolic Links
The Web server on AIX will follow symbolic file links. Therefore, if you have links pointing to locations outside the server document root, the server will be able to access that data if the AIX permissions allow it. We strongly recommend you do not do this; use the Pass statements in the httpd configuration file instead. This makes document locations much easier to track.
The current release of the server will unfortunately not allow symbolic links to be disabled completely.
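Because the server cannot be told to ignore symbolic links, the document root has to be checked from the outside. The following is an added example, not code from the original text or from the server product: a Python audit that walks a document root and reports symbolic links that resolve outside it, plus script files sitting in the data directories. The directory names, the sample tree, and the "*.cgi name or execute bit" heuristic are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_docroot(docroot):
    """Return (escaping_links, exposed_scripts) found under docroot."""
    root = os.path.realpath(docroot)
    escaping, exposed = [], []
    # followlinks=False: report links, never walk through them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                target = os.path.realpath(path)  # resolves chained links too
                if os.path.commonpath([root, target]) != root:
                    escaping.append((rel, target))
            elif stat.S_ISREG(st.st_mode):
                # Heuristic (assumption): *.cgi name or any execute bit.
                if name.endswith(".cgi") or st.st_mode & 0o111:
                    exposed.append(rel)
    return sorted(escaping), sorted(exposed)

def build_sample_tree(base):
    """Constructed sample layout; all names are hypothetical."""
    docroot = os.path.join(base, "htdocs")
    private = os.path.join(base, "private")
    os.makedirs(os.path.join(docroot, "docs"))
    os.makedirs(private)
    for path in (os.path.join(docroot, "index.html"),
                 os.path.join(docroot, "counter.cgi"),
                 os.path.join(private, "notes.txt")):
        with open(path, "w") as fh:
            fh.write("sample\n")
    # Link leaving the document root: should be reported.
    os.symlink(private, os.path.join(docroot, "docs", "internal"))
    # Link staying inside the document root: should not be reported.
    os.symlink(os.path.join(docroot, "index.html"),
               os.path.join(docroot, "home.html"))
    return docroot, private

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        docroot, _ = build_sample_tree(base)
        links, scripts = audit_docroot(docroot)
        for rel, target in links:
            print(f"link leaves docroot: {rel} -> {target}")
        for rel in scripts:
            print(f"script readable as data: {rel}")
```

Run periodically against the real document root, the report gives a list of links to replace with Pass statements and scripts to move into cgi-bin.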