Sign in to follow this  
Followers 0
NateObee

Bad CGI?

9 posts in this topic

I've been working through the tutorial, THanks for all the detail! I've hit a snag that I'm not sure about. In the  Testing Internet Information Services, and the PHP installation section I get this page.  I've gone back a few sections to verifiy my .config file changes.

Win 7 x64

 

Please Help!

Thanks.

 

post-353-0-94905800-1410740016_thumb.jpg

Share this post


Link to post
Share on other sites

Hello Nate!

 

Attach your php.in and do captures of IIS configuration(Default web site parameters).

Share this post


Link to post
Share on other sites

Did you follow the tutorial, and install IIS as described using the moveiis.bat file?

 

Attach the configuration files requested above.

Share this post


Link to post
Share on other sites

Thanks for the sugestions. I figured out that modder.vbs did not run correctly. After i manually installed C++ I got he config page and verified all the stuff. I made it a lot further through the tutorial untill i got here:

Configuring the Windows Intrusion Detection Systems (WinIDS) Security Console

At the CMD prompt type 'tartool d:tempopensource.tar.gz d:winidsinetpubwwwrootbasesignatures' (less the outside quotes), and tap the 'Enter' key.

 

The command line returns this:

D:Temp>tartool d:tempopensource.tar.gz d:winidsinetpubwwwrootbasesignatures
Error extracting d:tempopensource.tar.gz

Exception message Could not find file 'd:tempopensource.tar.gz'.

 

Where does opensource.tar.gz come from? Is it added by modder.vbs? is in another compressed file?

 

Thanks in advance,

Nate

Share this post


Link to post
Share on other sites

It appears you missed a step. The tutorial specifically details how to get the file that is missing.

Share this post


Link to post
Share on other sites

Oh Man, I hate it when it's just me being stupid. I found the file and worked through the rest of the tutorial. However, I'm now having a problem with the Winids Security console. I get the attached screen shot.

Thanks.

Nate

post-353-0-43725800-1414710559_thumb.jpg

Share this post


Link to post
Share on other sites

SELF RESOLVED - Ensure cgi.force_redirect = 0 has been turned on. 

 

Hi there, I'm encountering the HTTP Error 502.2 - Bad Gateway when I go to http://winids/test.phpon any web browser with the following text:

 

The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are "<b>Security Alert!</b> The PHP CGI cannot be accessed directly. <p>This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.</p> <p>For more information as to <i>why</i> this behaviour exists, see the <a href="http://php.net/security.cgi-bin">manualpage for CGI security</a>.</p> <p>For more information about changing this behaviour or re-enabling this webserver, consult the installation file that came with this distribution, or visit <a href="http://php.net/install.windows">the manual page</a>.</p> ".

 

Until this point in the setup all tests have passed successfully.

I have verified that IIS has retained it's settings and even removed them, restarted the 2012 R2 VM and entered them again with the same result.

Other URLs like http://winids and http://winids/base_main.php also have the same error.

I have gone through the "Security Console has a blank page..." thread as well.

 

I have attached:

 

snort.conf

barnyard2.conf

 

The attach function wouldn't let me attach :

 

php.ini

base.conf.php.dist

 

 

Cheers!

 

barnyard2.conf

snort.conf

Share this post


Link to post
Share on other sites

This below is documented in the tutorial.

SELF RESOLVED - Ensure cgi.force_redirect = 0 has been turned on. 

 

Have you moved the test.php to the d:winidsinetpubwwwrootbase folder and see if you can access that file through the browser?

 

You should zip up the C:WindowsSystem32inetsrv folder, and attach that along with your php.ini file.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0