# Apache listing contents of cgi-bin files



## mdudley (Jul 11, 2018)

I just brought up a new server with Freebsd 11.2, and the latest 2.4 version of Apache.  Right out of the box, after installation, I tested the data directory, and got the expected default message of "It works!".  Then I tested the default cgi script of test-cgi in the cgi-bin directory after adding the shebang path.  I have modified nothing, everything is the default.

I was surprised that instead of executing the script it displays the contents.


```
Browsing to:

192.168.1.187

#! /bin/sh

# To permit this cgi, replace # on the first line above with the
# appropriate #!/path/to/sh shebang, and set this script executable
# with chmod 755.
#
# ***** !!! WARNING !!! *****
# This script echoes the server environment variables and therefore
# leaks information - so NEVER use it in a live server environment!
# It is provided only for testing purpose.
# Also note that it is subject to cross site scripting attacks on
# MS IE and any other browser which fails to honor RFC2616.
```

The httpd.conf contains the appropriate ScriptAlias directive and directory information.  After some investigation I found the line:


```
#AddHandler cgi-script .cgi.
```

and uncommented it.  Restarted Apache, and even tried rebooting, but still lists the contents instead of executing them.  I changed the permissions on the file to not allow execution, which should have generated a permissions error, but instead it once again listed the contents of the file.

I tried some perl scripts and still have the same problem.

I have installed Apache a dozen times, and have  never seen this before.  It is surprising that it is acting this way right out of the box.

Anyone ever experienced this, and does anyone know what to do to fix it?

Thanks,

Marshall


----------



## ShelLuser (Jul 11, 2018)

When in doubt check your logs. That should give you a clear indication as to what is happening here.

My assumption though is that you didn't enable mod_cgi.so and/or mod_cgid.so because this is what I find in my sample config:


```
<IfModule !mpm_prefork_module>
        #LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
        #LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
```


----------



## mdudley (Jul 11, 2018)

ShelLuser said:


> When in doubt check your logs. That should give you a clear indication as to what is happening here.
> 
> My assumption though is that you didn't enable mod_cgi.so and/or mod_cgid.so because this is what I find in my sample config:
> 
> ...



Thanks.  I uncommented those two LoadModules, and it now works.

Marshall


----------

