Bad CGI?

[NateObee]

I've been working through the tutorial, THanks for all the detail! I've hit a snag that I'm not sure about. In the  Testing Internet Information Services, and the PHP installation section I get this page.  I've gone back a few sections to verifiy my .config file changes.

Win 7 x64

 

Please Help!

Thanks.

 

[Mohamadou]

Hello Nate!

 

Attach your php.in and do captures of IIS configuration(Default web site parameters).

[Morpheus]

Did you follow the tutorial, and install IIS as described using the moveiis.bat file?

 

Attach the configuration files requested above.

[NateObee]

Thanks for the sugestions. I figured out that modder.vbs did not run correctly. After i manually installed C++ I got he config page and verified all the stuff. I made it a lot further through the tutorial untill i got here:

Configuring the Windows Intrusion Detection Systems (WinIDS) Security Console

At the CMD prompt type 'tartool d:tempopensource.tar.gz d:winidsinetpubwwwrootbasesignatures' (less the outside quotes), and tap the 'Enter' key.

 

The command line returns this:

D:Temp>tartool d:tempopensource.tar.gz d:winidsinetpubwwwrootbasesignatures
Error extracting d:tempopensource.tar.gz

Exception message Could not find file 'd:tempopensource.tar.gz'.

 

Where does opensource.tar.gz come from? Is it added by modder.vbs? is in another compressed file?

 

Thanks in advance,

Nate

[Morpheus]

It appears you missed a step. The tutorial specifically details how to get the file that is missing.

[NateObee]

Oh Man, I hate it when it's just me being stupid. I found the file and worked through the rest of the tutorial. However, I'm now having a problem with the Winids Security console. I get the attached screen shot.

Thanks.

Nate

[Morpheus]

Read >this and give it a try and see if it clears up your problem.

[Meshuggener]

SELF RESOLVED - Ensure cgi.force_redirect = 0 has been turned on. 

 

Hi there, I'm encountering the HTTP Error 502.2 - Bad Gateway when I go to http://winids/test.phpon any web browser with the following text:

 

The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are "<b>Security Alert!</b> The PHP CGI cannot be accessed directly. <p>This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.</p> <p>For more information as to <i>why</i> this behaviour exists, see the <a href="http://php.net/security.cgi-bin">manualpage for CGI security</a>.</p> <p>For more information about changing this behaviour or re-enabling this webserver, consult the installation file that came with this distribution, or visit <a href="http://php.net/install.windows">the manual page</a>.</p> ".

 

Until this point in the setup all tests have passed successfully.

I have verified that IIS has retained it's settings and even removed them, restarted the 2012 R2 VM and entered them again with the same result.

Other URLs like http://winids and http://winids/base_main.php also have the same error.

I have gone through the "Security Console has a blank page..." thread as well.

 

I have attached:

 

snort.conf

barnyard2.conf

 

The attach function wouldn't let me attach :

 

php.ini

base.conf.php.dist

 

 

Cheers!

 

barnyard2.conf

snort.conf

[Morpheus]

This below is documented in the tutorial.

SELF RESOLVED - Ensure cgi.force_redirect = 0 has been turned on. 

 

Have you moved the test.php to the d:winidsinetpubwwwrootbase folder and see if you can access that file through the browser?

 

You should zip up the C:WindowsSystem32inetsrv folder, and attach that along with your php.ini file.