CGI-Bolt is a web server add-on which can restrict unauthorized CGIs from running.
It is primarily intended for servers where multiple users have uploading privledges, but shouldn't be uploading CGIs. CGI-Bolt can restrict a web server so that only CGIs in the authorized "cgi-bin" folder and its subfolders will operate.
IMPORTANT SECURITY CONSIDERATIONS
You should always test the security of this CGI before depending on it. Try accessing different CGIs in various locations on your server to ensure you get the expected results.
CGI-Bolt uses the following procedure in determining whether a webserver request should be blocked:
1) Checks for the "script_name" parameter from the webserver. Most webservers that support CGIs include this information, but some might not - you should test to be sure. If the "script_name" is not found, the CGI does not restrict access.
2) Checks the last 3 characters of the script_name for "cgi" (case-insensitive). If it doesn't match, the CGI does not restrict access.
3) Checks for a period '.' either one or two characters in front of "cgi". So, if you have "A.cgi", "B.acgi" or "C.fcgi" - they will all be treated as CGIs. However, if you have "D.xxcgi" or "Ecgi", the CGI does not restrict access.
4) Checks if the script_name begins with "/cgi-bin/" (this can be changed in the registered version of CGI-Bolt). If it matches, the CGI does not restrict access.
If a request is determined to be for a CGI, and the cgi is not in the "cgi-bin" folder (or a subfolder) then CGI-Bolt will return an error to the webserver/client - preventing the CGI from running.
It is important that your web server suffix-mappings be configured such that only files ending with .Xcgi (where X is a zero or one characters) can be executed. This includes SCRIPT, CGI, and ACGI. For information on configuring mappings, consult the documentation that accompanied your web server software.
Installing, Configuring and Setting-Up CGI-Bolt
CGI-Bolt must be installed as a "PreProcessor" to function. Not all web servers support preprocessors, so not all web servers support CGI-Bolt. CGI-Bolt will return an error or nothing (depending on the server) if it is run as anything other than a preprocessor.
Please consult your web server documentation for details on whether it supports preprocessors and also for directions on how to install a preprocessor.
If you don't have one already, create a folder called "cgi-bin" (case-insensitive) in the root (top-level) folder of your web server hierarchy.
Registered users can change the name used for the cgi-bin folder by editing the CGI-Bolt CGI or plug-in using a resource editor (such as ResEdit). STR# 10001 "File Names" contains the folder name used by CGI-Bolt. You can change it to any folder path (including sub-folders). It is always parsed relative to the root folder, though.
WebSTAR users can follow this procedure if installing the CGI:
Put cgi-bolt-68k.cgi (cgi-bolt.cgi for registered users) anywhere in your WebSTAR folder hierarchy. I recommend the root or in the cgi-bin folder.
With WebSTAR running, open WebSTAR Admin. Choose: "Miscellaneous Settings" from the "Configure" menu. Set the "PreProcess" to: ":cgi-bin:cgi-bolt-68k.cgi" (or whatever is the path to the cgi).
WebSTAR users can follow this proedure if installing the plug-in (registered users only):
Put cgi-bolt.plugin anywhere in your WebSTAR "Plug-Ins" folder.
With WebSTAR running, open WebSTAR Admin. Choose: "Miscellaneous Settings" from the "Configure" menu. Set the "PreProcess" to: ":enforce.cgibin".
Shareware - Fees for use
You may use CGI-Bolt on a web server for 21 days before you must decide whether to keep it or pay for it.
Pricing
Single computer: US$25 - CDN$30
- unlimited copies used on a single computer
Single RAIC: US$75 - CDN$95
- unlimited copies used on a single web-site (may consist of multiple computers)
Site License: US$500 - CDN$650
- covers all locations for your organization within a 160 kilometer radius of your site.
World-Wide License: US$2000 - CDN$2600
- covers all locations for your organization on the planet Earth.
(Canadian prices only apply to payments sent directly to Grant Neufeld - not through Kagi Shareware - from Canadians only)
Registered users will receive the following via email:
1) A 'FAT' CGI-Bolt CGI
2) A 'FAT' CGI-Bolt WebSTAR plug-in
3) The above will have the option of configuring the cgi-bin folder as described in the section above on configuration.
(Fat means it includes native code versions for both PowerPC and 680x0)
Registered users are also entitled to ask for new features.
You MUST include your email address when making payment to receive the 'FAT' CGI-Bolts.
Payment
Payment can be made by cheque in US or Canadian dollars payable to Grant Neufeld and mailed to:
Grant Neufeld
907, 210 Gloucester Street
Ottawa, Ontario
K2P 2K4 Canada
All other payment types should be made via Kagi Shareware.
Paying for through Kagi is fairly simple. Open the Register program that accompanies CGI-Bolt. Enter your name, your email address, and the number of single user licenses you desire for each program you wish to purchase (or Site or Word-Wide licenses). Save or Copy or Print the data from the Register program and send the data and payment to Kagi.
If paying with Credit Card or First Virtual, you can email or fax the data to Kagi. Their email address is sales@kagi.com and their fax number is +1 510 652-6589. You can either Copy the data from Register and paste into the body of an email message or you can Save the data to a file and you can attach that file to an email message. There is no need to compress the data file, it's already pretty small. If you have a fax modem, just Print the data to the Kagi fax number.
Payments sent via email are processed within 3 to 4 days. You will receive an email acknowledgement when it is processed. Payments sent via fax take up to 10 days and if you provide a correct internet email address you will receive an email acknowledgement.
If you are paying with Cash or USD Check you should print the data using the Register application and send it to the address shown on the form, which is:
Kagi
1442-A Walnut Street #392-GN
Berkeley, California 94709-1405
USA
You can pay with a wide variety of cash from different countries but at present if you pay via check, it must be a check drawn in US Dollars. Kagi cannot accept checks in other currencies, the conversion rate for non-USD checks is around USD 15 per check and that is just not practical. If you have a purchasing department, you can enter all the data into the Register program and then select Invoice as your payment method. Print three copies of the form and send it to your accounts payable people. You might want to highlight the line that mentions that they must include a copy of the form with their payment.
Kagi can not invoice your company, you need to act on Kagi's behalf and generate the invoice and handle all the paper work on your end. Please do not fax or email payment forms that indicate Cash, Check or Invoice as the payment method. There is still no technology to transfer physical objects via fax or email and without the payment, the form cannot be processed.
Payments sent via postal mail take time to reach Kagi and then up to 10 days for processing. Again, if you include a correct email address, you will hear from Kagi when the form is processed.
The Author
Grant Neufeld is the author of "Grant's CGI Framework" (which CGI-Bolt is made with), and the "Mac WWW FAQ".
See my CGIs pages for information about my other CGI projects:
http://arpp.carleton.ca/cgi/
The Mac WWW FAQ:
http://arpp.carleton.ca/mac/
See my vanity page for more insight into who I am and what I do:
http://arpp.carleton.ca/grant/
Contacting me(use one of):
gneufeld@ccs.carleton.ca (At least until October 1996)
grant@kagi.com
grant@acm.org
____________________
WebSTAR is a trademark of StarNine Technologies, Inc.
Macintosh and Mac are trademarks or registered trademarks of Apple Computer, Inc.
CGI-Bolt, Grant's CGI Framework and Mac WWW FAQ are, for those who even bother to read the small print, TradeMarks of Grant Neufeld.
