Security: Changing the location of the data files
By default, AXS stores all data in the same folder as the Perl CGI scripts. The data files are therefore under your publicly-accessible web folder. Here is an example default configuration:
e:\webroot\axs\ax-admin.pl e:\webroot\axs\log.txt e:\webroot\axs\axs.dat
Under this configuration, it may be possible for an anonymous visitor to request "http://localhost/axs/log.txt" and thereby gain access to the log file.
To maximize security, copy the data files to somewhere outside of your webroot, such as:
e:\data\log.txt e:\data\axs.dat e:\webroot\axs\ax-admin.pl
Once you move your folder, be sure to apply the proper permissions. Then, edit "ax.pl" and "ax-admin.pl" (or "ax.cgi" and "ax-admin.cgi") and find the line that looks like this:
$LogFile = 'log.txt'; $prefs = 'axs.dat';
Replace the relative paths with the full paths to the files. Remember to always use forward slashes on Windows systems:
$LogFile = 'e:/data/log.txt'; $prefs = 'e:/data/axs.dat';
Visit the ax-admin page to verify that everything still works. Once it works to your satisfaction at the copied location, delete the original data files folder under your webroot.
"Security: Changing the location of the data files" https://www.xav.com/scripts/axs/help/1079.html