I'm managing some dedicated servers which only php scripts are hosted on them. I want to completely disable cgi on all virtual servers as it's not needed at all, it just make it possible for hackers to upload and execute cgi shells on websites.In other words why I should have a module on the server while it's not being used at all ??
I've tried to do it but it's not possible as when I uncheck 'Automatically add appropriate SuExec directive?' in apache template, it says 'PHP scripts cannot be run as the domain owner unless suexec is enabled'. I tried to change php-fcgi to php-cgi but it doesn't matter and the same error occurs.
Is it any workaround available for this ??