Index page in cgi-bin

Forum Moderators: phranque

Message Too Old, No Replies

Index page in cgi-bin

Technical reasons this is a bad idea?

SEOMike

6:42 pm on Oct 8, 2010 (gmt 0)

I'm evaluating a potential new client and was surprised to find their index page located in the cgi-bin directory along with several other pages. This doesn't sit right with me. Anyone have any good reason why a site's index shouldn't be in this directory? I realize that this isn't actually the site's root because there are other pages available from the root (url.com/page.html) and that's reason enough for me, but I want to get more information about this. Are there any security concerns with having an index page in the cgi-bin? Aren't the scripts contained in the cgi-bin used to communicate with the backend? It seems like that's somewhere we should keep general visitors out of.

encyclo

1:02 am on Oct 9, 2010 (gmt 0)

There's nothing particularly special about the cgi-bin directory as such, just the scripts that may run in it. This kind of setup is certainly not good practice, but not necessarily risky as such. You should check out what kind of redirect happens from the root to the index file.

Personally, I would look to fixing this with a 301 redirect from the index file in the cgi-bin to an index file in the document root.

SEOMike

3:46 pm on Oct 11, 2010 (gmt 0)

Thanks. I was just curious if the cgi-bin had different permissions on the server than a "regular" directory would. I was thinking it might have execute permissions or something like that which would be dangerous.

They currently 301 their root to the index page in the cgi-bin and they say it has to be in that directory or their backend won't work. Sounds like a strange system to me. I'm not sure if I'm looking forward to learning more or not. :)