Abyss slow and then sending exe file instead of running it

 
Post new topic   Reply to topic    Aprelium Forum Index -> FastCGI/CGI
View previous topic :: View next topic  
Author Message
Rickeman
-


Joined: 24 Sep 2006
Posts: 2

PostPosted: Sun Sep 24, 2006 2:09 pm    Post subject: Abyss slow and then sending exe file instead of running it Reply with quote

My scripting parameters says

SCRIPT PATHS
/*.exe

and it is working fine most of the time. My exe files are run and generating pages which Abyss sends to the client.

But, if I reboot WindowsXP and then run Abyss it is extremely slow the first time I request an exe file. When about 15 seconds have gone it sends me the exe file however the expected result should be the page the exe file generated. This is a security risk, I have so far eliminated it by requesting an exe file from Abyss as fast as I can after a reboot because after one request of an exe file it works as it should again.

Does Someone know what is wrong (with me :\)?
Is this a bug?

I run the newest version of Abyss Web Server on WinXP, and not as a service. The problem was there in the previous version too if I remember correctly.
Back to top View user's profile Send private message
TRUSTAbyss
-


Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

PostPosted: Sun Sep 24, 2006 6:27 pm    Post subject: Reply with quote

Why are you telling "Abyss Web Server" to execute all exe files? What if a user
uploaded a virus, that could destroy your computer. You should put CGI exe files
in a different folder and add the folder to the Scripts Path.

Create a folder in your htdocs called "cgi-bin" and add it to the Scripts Path.
Remove the /*.exe pattern and add: /cgi-bin
Back to top View user's profile Send private message Visit poster's website
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

PostPosted: Mon Sep 25, 2006 1:07 pm    Post subject: Re: Abyss slow and then sending exe file instead of runni Reply with quote

Rickeman,

Abyss Web Server will obey to your configuration choices. If you tell it to consider any .exe file as an executable, it will do so and launch any requested .exe file as you said. In such a case, the security risk comes from your bad configuration, not from the server itself.

So it's up to you here to put more restrictive Script Paths: put there only the full virtual paths of .exe files that are CGI/FastCGI applications so that only these ones are executed by the server and the rest are served as normal files.

If the problem persists, please send your abyss.conf file to support@aprelium.com with a detailed explanation of the problem and the tests you made.
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
Rickeman
-


Joined: 24 Sep 2006
Posts: 2

PostPosted: Mon Sep 25, 2006 8:27 pm    Post subject: you missunderstood the problem Reply with quote

Well, whether or not it's a security risk to have the SCRIPT PATH set to /*.exe is not the problem here. None has permission to upload files anyway. I shouldn't have mentioned this fact, because frankly, it is irrelevant.

I made some research, and the server isn't really sending the exe file to the client. In Firefox it seems like the client receives the file. And if the client click download to disk it seems like it does. But Firefox only creates an empty file with the name of the requested file on the client's hard drive. My mistake, I should have examined this before posting here.

In IE I only get a blank page.

In Opera I get the message that the page is currently unavailable.

But in all three browsers it works fine if I just reload the page after this.

If I terminate Abyss and start it again the bug is not there. It is only when I have rebooted the machine Abyss seems to do weird stuff the first time a client request an exe file. Could it be any other program I am running which disturbs Abbys somehow?

Abyss is working fine when the client request ordinary html pages after a reboot of my computer running Abyss. But the very first time Abyss is supposted to launch an exe file, it fails.

Adjusting the SCRIPT PATH has nothing to do with this bug. But what can have something to do with it?
Back to top View user's profile Send private message
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

PostPosted: Tue Sep 26, 2006 1:24 pm    Post subject: Re: you missunderstood the problem Reply with quote

Rickeman,

In order to help us diagnose the problem, please do the following:
* Stop Abyss Web Server
* Archive or make a copy of log/access.log file if you need it.
* Delete log/access.log
* Restart Abyss Web Server
* Download Baretail from http://www.baremetalsoft.com/baretail/index.php . Run the program and set it to track the log/access.log file. Each page you'll access on the site should be immediately added to that file and visible through Baretail
* Now redo the steps you have described to test this .exe file access. Are all the .exe accesses logged? Could you post here the log/access.log file contents after that test session. Which log lines correspond to the "bad" behavior from the browser?
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> FastCGI/CGI All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group