Question
Right now a user can directly execute something in the cgi-bin directory by using a url http:\someserver\cgi-bin\mycommand
I don't want to allow the user to do that but allow a php script to execute using the code below.
Is this possible? Thanks in advance
https://stackoverflow.com/questions/20152717
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russiandefine ("CGI_CMD_URL_URL", "http://" . $_SERVER['HTTP_HOST'] . "/cgi-bin/mycommand");
// use key 'http' even if you send the request to https://...
$options = array
(
'http' => array
(
'header' => 'Content-type: application/x-www-form-urlencoded\r\n',
'method' => 'POST',
'content' => $data,
),
);
// create context
$context = stream_context_create($options);
// open the stream to get the output from CGI_CMD_URL_URL
$uploadstream = @fopen(CGI_CMD_URL_URL, 'rb', false, $context);
if (!$uploadstream)
{
$_SESSION[ADDITIONAL_MSG] = $php_errormsg;
report_error(SOME_ERROR);
}
// read the result
$result = stream_get_contents($uploadstream);
// close the stream
fclose($uploadstream);
// return data
return $result;
Solution
Yes, with .htaccess in case of Apache Webserver. You must deny all and allow your host only.
http://httpd.apache.org/docs/2.2/howto/access.html
Respect that any self-calling method on your webserver is a try that impacts your server-performance and reduce the possible max client calls on that engine. In my point of view such tasks are worst practice ( in a lot of cases ).
