my perl scripts have stopped working


Arseweb
04-11-2007, 12:41 PM
I'm not sure when this happened, but the perl scripts
which my site is dependent on seem to have stopped
working properly.

Specifically, arguments are not being passed through
when scripts are called from a web page. The scripts
are working fine in every other respect, they just don't
seem to be receiving the arguments.

For example...

In this page,
http://www.arseweb.com/cgi-bin/main.pl?active.history
The full html page is generated, but without the modifications
specified by the 'active.history' argument. The content should
vary as you click through the tabs in that page.

I should re-emphasize that this was all working fine
not long ago.

Can anyone suggest why this might have happened?
I've not done anything to the scripts myself, so I'm
struggling to think of where to look for the solution.

hobbes
04-11-2007, 01:22 PM
Any error messages in the CGI web log at /big/dom/xarseweb/logs_cgi/ ?

Terra
04-11-2007, 01:28 PM
There was a security measure invoked in the Apache engines last week that really should not have affected anyone other than the crackers looking for such holes...

Please read:
http://httpd.apache.org/docs/1.3/mod/core.html#cgicommandargs

If you need to have the 'old' way of passing args, you can turn it back on via .htaccess file... However, I would recommend updating your scripts to use the modern and safer methods of argument passing...

Hope that helps to explain what happened and the measures required to fix this condition...

--
Terra
sysAdmin
FutureQuest

kitchin
04-11-2007, 03:05 PM
For anyone else trying to unearth exactly what the protocol was for this kind of Query String, you can try to decode the standards-speak in the section titled "The CGI script command line" here:
The WWW Common Gateway Interface Version 1.1 (http://graphcomp.com/info/specs/cgi11.html)
It seems that words separated by + are fed in as $ARGV[0], $ARGV[1], .. etc. It was used in implementing the old ISINDEX tag.

Also I came across something about PHP in CGI-mode having an odd behavior in order to protect itself against this: environment variables override command-line arguments.

Well, that's what I found in Google. If somebody wants to update the Wikipedia article on Query Strings, that would be great, because there's nothing there about it!

Arseweb
04-12-2007, 08:13 AM
That's very helpful, thanks. I've been doing things this
way for 10 years, didn't realise there was a better way.
I'll try to find out what that better way is, but in the
meantime it'd be good to get my site working again
with the .htaccess thing. I've tried doing that but it
just seems to break things. Is the server definitely
allowing me to override the default value of
CGICommandArgs? If so please could you tell me
what I have to do in .htaccess? Because I've tried a
few things now and I'm not sure what to try next.

Also, it's not clear to me whether CGICommandArgs
being turned off means that one can't pass any command
line arguments or only prevents those that don't
contain a '='. It seemed like it was the latter but
changing my argument to contain a '=' didn't help.

kitchin
04-12-2007, 10:30 AM
Maybe parse $ENV{'QUERY_STRING'} directly?

Kevin
04-12-2007, 10:39 AM
Parsing $ENV{'QUERY_STRING'} is the modern way to do it. The = sign will not help as even in the old days that prevented the command line from being used at all.
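
The approach kitchin and Kevin describe, as an added example that is not code from any poster or from the site's scripts: read the bare selector (as in main.pl?active.history) from $ENV{'QUERY_STRING'} instead of @ARGV, and accept it only if it matches an allow-list. The sub name page_selector, the allow-list entry active.current, and the sample queries are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the page selector from a bare query string such as "active.history"
# (the form used by main.pl?active.history), or a default when it is missing
# or does not pass validation. @ARGV is never consulted.
sub page_selector {
    my ($query, $allowed, $default) = @_;
    return $default unless defined $query && length $query;

    # Undo URL encoding: '+' means space, %XX is a hex-encoded byte.
    (my $value = $query) =~ tr/+/ /;
    $value =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;

    # Accept only short dotted words, then require an exact allow-list match,
    # so the value is never trusted as a file name or shell argument.
    return $default unless length($value) <= 64;
    return $default unless $value =~ /\A[A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*\z/;
    return $allowed->{$value} ? $value : $default;
}

# Hypothetical allow-list of tabs; only "active.history" comes from the thread.
my %allowed = map { $_ => 1 } qw(active.history active.current);

# Constructed sample inputs, used only when run outside a web server.
my @samples = ('active.history', 'active%2Ehistory', 'a+b;id', '../etc/passwd', '');
my @queries = exists $ENV{QUERY_STRING} ? ($ENV{QUERY_STRING}) : @samples;

# Emit a CGI header only when actually running under a web server.
print "Content-Type: text/plain\r\n\r\n" if exists $ENV{GATEWAY_INTERFACE};
for my $q (@queries) {
    my $page = page_selector($q, \%allowed, 'active.current');
    print "query [$q] -> page [$page]\n";
}
```

Because the selector is taken from the environment rather than the command line, the script behaves the same whether CGICommandArgs is on or off.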