I have a perl CGI script that takes file path arguments from the command line, and reads the specified files. pretty standard stuff i imagine.

anyway, I want to restrict access to certain paths, so that people cant access information to the parent directory, or my .htaccess files.

i've tried this bind to restrict accessing the parent directory:

$page_location =~ s/../denied/;


so that you couldnt type in "mycgi.cgi?../otherfiles.stuff"
but it always returns an error on the page.

any suggestions?

What kind of error is it returning? Is it a 404 (Page not found)? If so, it's because your substitiution is working, but obviously that file isn't there. Why not do something like this:
If (path contains dots)
Error
Else
Go on

i'm not sure about your error, but those dots are special characters in a regular expression - a . means one of any character. if you want to filter out "." characters then you have to escape them: /\.\./

but yea, what's the error, exactly? you might want to use CGI::Carp or turn on warnings, if you haven't already, to get errors/warnings printing out in the browser.

actually, that was my problem. I wasnt escaping the periods. my error was an error 500 "premature end of script headers"

despite the name, my headers are fine. I get that error whenever a CGI crashes.