XAMPP Security: Cleaning the cgi-bin folder

Rob July 10th, 2007

This article is part of a series of articles about making XAMPP more secure. See the overview page for all the security measures.

By default, XAMPP installs a script called “printenv.pl” into your c:\xampp\cgi-bin directory. This script shows the values of all your environment variables on a web page, which could give extra information to a hacker trying to compromise your site. I suggest deleting this script if you kept your cgi-bin folder. The other scripts, cgi.cgi and perltest.cgi, are pretty harmless, but if you don’t need them, you might as well delete them.

Next Step

Now we’re ready for the next step: adding additional password protection.

2 Comments

  1. Lisa Ridley on 28 Dec 2007 at 1:45 am

    Hi! Your guide here is great!

    Just one thing — not sure when this changed, but I just installed XAMPP 1.6.5, and removing the .pl script from the cgi folder as you noted above does not remove the environment variables from the error pages. To do this, you have to look in \xampp\apache\error\include\bottom.html. Remove the following instructions from the 11th line:

    which can be found before the closing tag.

    I’m not sure which version of XAMPP changed the delivery of the error pages, but this will remove the software information from the bottom of the error pages, leaving only the website name and date.

    Awesome guide! Really helpful!

  2. Lisa Ridley on 28 Dec 2007 at 1:47 am

    Sorry, but the code did not show up in my post.

    You need to remove the line !--#echo var="SERVER_SOFTWARE" --, including the closing brackets, to remove the server software information from the bottom of the error pages.
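
Added example, not part of the original post or its comments: a read-only PowerShell check for the default cgi-bin scripts named in the article and for the SERVER_SOFTWARE echo directive described in the comments. The C:\xampp root and the choice to scan every .html file in the error include folder (the comment names only bottom.html) are assumptions.

```powershell
# Read-only audit of a XAMPP install for the two information leaks discussed on this page.
# Assumption: default install root C:\xampp; pass -XamppRoot to check another location.
param(
    [string]$XamppRoot = 'C:\xampp'
)

# Sample scripts named in the article; printenv.pl is the one that dumps the environment.
$defaultCgi = 'printenv.pl', 'cgi.cgi', 'perltest.cgi'
$findings = New-Object 'System.Collections.Generic.List[object]'

# 1. Default CGI scripts still present in cgi-bin.
$cgiBin = Join-Path $XamppRoot 'cgi-bin'
foreach ($name in $defaultCgi) {
    $path = Join-Path $cgiBin $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $detail = 'unneeded sample script'
        if ($name -eq 'printenv.pl') { $detail = 'prints all environment variables' }
        $findings.Add([pscustomobject]@{
            Check  = 'default CGI script present'
            Path   = $path
            Detail = $detail
        })
    }
}

# 2. Error-page includes that still echo the server software string via SSI.
#    Generalization: every .html file in the include folder is scanned, not only bottom.html.
$includeDir = Join-Path $XamppRoot 'apache\error\include'
if (Test-Path -LiteralPath $includeDir -PathType Container) {
    $ssiEcho = '<!--#echo\s+var="SERVER_SOFTWARE"\s*-->'
    Get-ChildItem -LiteralPath $includeDir -Filter '*.html' -File |
        Select-String -Pattern $ssiEcho |
        ForEach-Object {
            $findings.Add([pscustomobject]@{
                Check  = 'error page echoes server software'
                Path   = $_.Path
                Detail = "line $($_.LineNumber): $($_.Line.Trim())"
            })
        }
}

if ($findings.Count -eq 0) {
    Write-Output "No findings under $XamppRoot"
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The script changes nothing on disk; each finding corresponds to a file to delete or a line to edit by hand as described above.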
