Return-Path:
The
- ScriptAlias
-
+
The ScriptAlias
directive looks like:
ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/
The example shown is from your default
- httpd.conf
+
+ ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/
+
The example shown is from your default httpd.conf
configuration file, if you installed Apache in the default
- location. The ScriptAlias
directive is much like the
- Alias
directive, which defines a URL prefix that
- is to mapped to a particular directory. Alias
- and ScriptAlias
are usually used for directories
- that are outside of the DocumentRoot
directory.
- The difference between Alias
and
- ScriptAlias
is that ScriptAlias
- has the added meaning that everything under that URL prefix
- will be considered a CGI program. So, the example above tells
- Apache that any request for a resource beginning with
- /cgi-bin/
should be served from the directory
- /usr/local/apache/cgi-bin/
, and should be treated
- as a CGI program.
ScriptAlias
+ directive is much like the Alias
directive, which defines a URL prefix that
+ is to mapped to a particular directory. Alias
+ and ScriptAlias
are usually used for
+ directories that are outside of the DocumentRoot
directory. The difference between
+ Alias
and ScriptAlias
+ is that ScriptAlias
has the added meaning
+ that everything under that URL prefix will be considered a CGI
+ program. So, the example above tells Apache that any request for a
+ resource beginning with /cgi-bin/
should be served from
+ the directory /usr/local/apache/cgi-bin/
, and should be
+ treated as a CGI program.
- For example, if the URL +
For example, if the URL
http://www.example.com/cgi-bin/test.pl
is requested, Apache will attempt to execute the file
/usr/local/apache/cgi-bin/test.pl
@@ -97,66 +94,71 @@
CGI programs are often restricted to
- ScriptAlias
'ed directories for security reasons.
- In this way,
- administrators can tightly control who is allowed to use CGI
- programs. However, if the proper security precautions are
+
CGI programs are often restricted to ScriptAlias
'ed directories for security reasons.
+ In this way, administrators can tightly control who is allowed to
+ use CGI programs. However, if the proper security precautions are
taken, there is no reason why CGI programs cannot be run from
arbitrary directories. For example, you may wish to let users
have web content in their home directories with the
- UserDir
directive. If they want to have their own
- CGI programs, but don't have access to the main
- cgi-bin
directory, they will need to be able to
+ UserDir
directive.
+ If they want to have their own CGI programs, but don't have access to
+ the main cgi-bin
directory, they will need to be able to
run CGI programs elsewhere.
You could explicitly use the Options
- directive, inside your main server configuration file, to
- specify that CGI execution was permitted in a particular
+
You could explicitly use the Options
directive, inside your main server configuration
+ file, to specify that CGI execution was permitted in a particular
directory:
<Directory /usr/local/apache/htdocs/somedir>
- Options +ExecCGI
- </Directory>
+ <Directory /usr/local/apache/htdocs/somedir>
+
+ Options +ExecCGI
+
+ </Directory>
+
The above directive tells Apache to permit the execution
of CGI files. You will also need to tell the server what
- files are CGI files. The following
- AddHandler
-
- directive tells the server to treat all files with the
- cgi
or pl
extension as CGI programs:
AddHandler
directive tells the server to treat all
+ files with the cgi
or pl
extension as CGI
+ programs:
- AddHandler cgi-script cgi pl
+ AddHandler cgi-script cgi pl
+
A .htaccess
file is a way to set configuration
- directives on a per-directory basis. When Apache serves a
- resource, it looks in the directory from which it is serving
+
A .htaccess
file is a way
+ to set configuration directives on a per-directory basis. When Apache
+ serves a resource, it looks in the directory from which it is serving
a file for a file called .htaccess
, and, if it
finds it, it will apply directives found therein.
.htaccess
files can be permitted with the
- AllowOverride
directive, which specifies what
- types of directives can
+ AllowOverride
directive,
+ which specifies what types of directives can
appear in these files, or if they are not allowed at all. To
permit the directive we will need for this purpose, the
following configuration will be needed in your main server
configuration:
AllowOverride Options
+ AllowOverride Options
+
In the .htaccess
file, you'll need the
following directive:
Options +ExecCGI
+ Options +ExecCGI
+
which tells Apache that execution of CGI programs is permitted in this directory.
@@ -174,7 +176,9 @@ what sort of content it is receiving. Most of the time, this will look like: -Content-type: text/html
+ Content-type: text/html
+
Secondly, your output needs to be in HTML, or some other
format that a browser will be able to display. Most of the
@@ -193,9 +197,10 @@
file called first.pl
, and put it in your
cgi-bin
directory.
Even if you are not familiar with Perl, you should be able
@@ -207,20 +212,20 @@
talked about, followed by two carriage-return newline pairs.
This puts a blank line after the header, to indicate the end
of the HTTP headers, and the beginning of the body. The third
- line prints the string ``Hello, World.'' And that's the end
+ line prints the string "Hello, World.". And that's the end
of it. If you open your favorite browser and tell it to get the
address or wherever you put your file, you will see the one line
- #!/usr/bin/perl
- print "Content-type: text/html\n\n";
- print "Hello, World.";
+
+ #!/usr/bin/perl
+ print "Content-type: text/html\n\n";
+ print "Hello, World.";
http://www.example.com/cgi-bin/first.pl
+ http://www.example.com/cgi-bin/first.pl
+
Hello, World.
-
- appear in your browser window. It's not very exciting, but
- once you get that working, you'll have a good chance of
- getting just about anything working.Hello, World.
appear in your browser window.
+ It's not very exciting, but once you get that working, you'll
+ have a good chance of getting just about anything working.
Remember that the server does not run as you. That is, when the server starts up, it is running with the permissions - of an unprivileged user - usually ``nobody'', or ``www'' - - and so it will need extra permissions to execute files that - are owned by you. Usually, the way to give a file sufficient - permissions to be executed by ``nobody'' is to give everyone - execute permission on the file:
+ of an unprivileged user - usuallynobody
, or
+ www
- and so it will need extra permissions to
+ execute files that are owned by you. Usually, the way to give
+ a file sufficient permissions to be executed by nobody
+ is to give everyone execute permission on the file:
- chmod a+x first.pl
+ chmod a+x first.pl
+
Also, if your program reads from, or writes to, any other files, those files will need to have the correct permissions to permit this.
The exception to this is when the server is configured to
- use suexec.
-
- This program allows CGI programs to be run under different
+ use suexec. This program allows
+ CGI programs to be run under different
user permissions, depending on which virtual host or user
home directory they are located in. Suexec has very strict
permission checking, and any failure in that checking will
@@ -319,7 +311,9 @@
interpreter (often perl
) indicated in the first
line of your CGI program, which will look something like:
#!/usr/bin/perl
+ #!/usr/bin/perl
+
Make sure that this is in fact the path to the interpreter.
@@ -356,7 +350,7 @@ become useful to understand more about what's happening behind the scenes. Specifically, how the browser and server communicate with one another. Because although it's all very - well to write a program that prints ``Hello, World.'', it's not + well to write a program that prints "Hello, World.", it's not particularly useful.These variables are available to the CGI programmer, and are half of the story of the client-server communication. The complete list of required variables is at - - http://hoohoo.ncsa.uiuc.edu/cgi/env.html -
+ http://hoohoo.ncsa.uiuc.edu/cgi/env.html.This simple Perl CGI program will display all of the environment variables that are being passed around. Two @@ -393,15 +385,17 @@ see some variables listed that were not in the official list. In addition, Apache provides many different ways for you to add your own environment variables - to the basic ones provided by default.
- #!/usr/bin/perl
- print "Content-type: text/html\n\n";
- foreach $key (keys %ENV) {
- print "$key --> $ENV{$key}<br>";
- }
The ``special format'' is very simple. A field name and +
The "special format" is very simple. A field name and its value are joined together with an equals (=) sign, and pairs of values are joined together with an ampersand (&). Inconvenient characters like spaces, ampersands, and @@ -429,7 +423,7 @@ something like:
- name=Rich%20Bowen&city=Lexington&state=KY&sidekick=Squirrel%20Monkey
+ name=Rich%20Bowen&city=Lexington&state=KY&sidekick=Squirrel%20Monkey
You'll sometimes also see this type of string appended to @@ -456,14 +450,13 @@
If you're writing CGI programs in Perl, modules are available on CPAN. The most - popular module for this purpose is CGI.pm. You might - also consider CGI::Lite, which implements a minimal set of - functionality, which is all you need in most programs.
+ popular module for this purpose isCGI.pm
. You might
+ also consider CGI::Lite
, which implements a minimal
+ set of functionality, which is all you need in most programs.
If you're writing CGI programs in C, there are a variety of - options. One of these is the CGIC library, from - http://www.boutell.com/cgic/ -
+ options. One of these is theCGIC
library, from
+ http://www.boutell.com/cgic/.
There are a large number of CGI resources on the web. You can discuss CGI problems with other users on the Usenet group - comp.infosystems.www.authoring.cgi. And the -servers mailing + comp.infosystems.www.authoring.cgi. And the -servers mailing list from the HTML Writers Guild is a great source of answers to your questions. You can find out more at - - http://www.hwg.org/lists/hwg-servers/ -
+ http://www.hwg.org/lists/hwg-servers/.And, of course, you should probably read the CGI specification, which has all the details on the operation of CGI programs. You can find the original version at the - - NCSA - - and there is an updated draft at the + NCSA and there is an updated draft at the Common Gateway Interface RFC project.
1.2.2.1 +111 -116 httpd-2.0/docs/manual/howto/cgi.xml Index: cgi.xml =================================================================== RCS file: /home/cvs/httpd-2.0/docs/manual/howto/cgi.xml,v retrieving revision 1.2 retrieving revision 1.2.2.1 diff -u -r1.2 -r1.2.2.1 --- cgi.xml 17 Nov 2002 06:28:39 -0000 1.2 +++ cgi.xml 22 Dec 2002 15:24:57 -0000 1.2.2.1 @@ -13,15 +13,12 @@The
-
The
The example shown is from your default
- httpd.conf
+
The example shown is from your default httpd.conf
configuration file, if you installed Apache in the default
- location. The ScriptAlias
directive is much like the
- Alias
directive, which defines a URL prefix that
- is to mapped to a particular directory. Alias
- and ScriptAlias
are usually used for directories
- that are outside of the DocumentRoot
directory.
- The difference between Alias
and
- ScriptAlias
is that ScriptAlias
- has the added meaning that everything under that URL prefix
- will be considered a CGI program. So, the example above tells
- Apache that any request for a resource beginning with
- /cgi-bin/
should be served from the directory
- /usr/local/apache/cgi-bin/
, and should be treated
- as a CGI program.
/cgi-bin/
should be served from
+ the directory /usr/local/apache/cgi-bin/
, and should be
+ treated as a CGI program.
- For example, if the URL +
For example, if the URL
CGI programs are often restricted to
- CGI programs are often restricted to You could explicitly use the You could explicitly use the The above directive tells Apache to permit the execution
of CGI files. You will also need to tell the server what
- files are CGI files. The following
- http://www.example.com/cgi-bin/test.pl
is requested, Apache will attempt to execute the file
/usr/local/apache/cgi-bin/test.pl
@@ -91,66 +87,74 @@
ScriptAlias
'ed directories for security reasons.
- In this way,
- administrators can tightly control who is allowed to use CGI
- programs. However, if the proper security precautions are
+ UserDir
directive. If they want to have their own
- CGI programs, but don't have access to the main
- cgi-bin
directory, they will need to be able to
+ cgi-bin
directory, they will need to be able to
run CGI programs elsewhere.Options
- directive, inside your main server configuration file, to
- specify that CGI execution was permitted in a particular
+
- Options +ExecCGI
- </Directory>
+
+ AddHandler
-
- directive tells the server to treat all files with the
- cgi
or pl
extension as CGI programs:cgi
or pl
extension as CGI
+ programs:
A .htaccess
file is a way to set configuration
- directives on a per-directory basis. When Apache serves a
- resource, it looks in the directory from which it is serving
+
A .htaccess
file is a way
+ to set configuration directives on a per-directory basis. When Apache
+ serves a resource, it looks in the directory from which it is serving
a file for a file called .htaccess
, and, if it
finds it, it will apply directives found therein.
.htaccess
files can be permitted with the
- AllowOverride
directive, which specifies what
- types of directives can
+
In the .htaccess
file, you'll need the
following directive:
which tells Apache that execution of CGI programs is permitted in this directory.
@@ -168,7 +172,9 @@ what sort of content it is receiving. Most of the time, this will look like: -Secondly, your output needs to be in HTML, or some other
format that a browser will be able to display. Most of the
@@ -187,9 +193,10 @@
file called first.pl
, and put it in your
cgi-bin
directory.
Even if you are not familiar with Perl, you should be able @@ -201,20 +208,20 @@ talked about, followed by two carriage-return newline pairs. This puts a blank line after the header, to indicate the end of the HTTP headers, and the beginning of the body. The third - line prints the string ``Hello, World.'' And that's the end + line prints the string "Hello, World.". And that's the end of it.
If you open your favorite browser and tell it to get the address
-or wherever you put your file, you will see the one line
- Hello, World.
-
- appear in your browser window. It's not very exciting, but
- once you get that working, you'll have a good chance of
- getting just about anything working.
Hello, World.
appear in your browser window.
+ It's not very exciting, but once you get that working, you'll
+ have a good chance of getting just about anything working.
Remember that the server does not run as you. That is, when the server starts up, it is running with the permissions - of an unprivileged user - usually ``nobody'', or ``www'' - - and so it will need extra permissions to execute files that - are owned by you. Usually, the way to give a file sufficient - permissions to be executed by ``nobody'' is to give everyone - execute permission on the file:
+ of an unprivileged user - usuallynobody
, or
+ www
- and so it will need extra permissions to
+ execute files that are owned by you. Usually, the way to give
+ a file sufficient permissions to be executed by nobody
+ is to give everyone execute permission on the file:
- Also, if your program reads from, or writes to, any other files, those files will need to have the correct permissions to permit this.
The exception to this is when the server is configured to
- use suexec.
-
- This program allows CGI programs to be run under different
+ use suexec. This program allows
+ CGI programs to be run under different
user permissions, depending on which virtual host or user
home directory they are located in. Suexec has very strict
permission checking, and any failure in that checking will
@@ -313,7 +307,9 @@
interpreter (often perl
) indicated in the first
line of your CGI program, which will look something like:
Make sure that this is in fact the path to the interpreter.
@@ -350,7 +346,7 @@ become useful to understand more about what's happening behind the scenes. Specifically, how the browser and server communicate with one another. Because although it's all very - well to write a program that prints ``Hello, World.'', it's not + well to write a program that prints "Hello, World.", it's not particularly useful.These variables are available to the CGI programmer, and are half of the story of the client-server communication. The complete list of required variables is at - - http://hoohoo.ncsa.uiuc.edu/cgi/env.html -
+ http://hoohoo.ncsa.uiuc.edu/cgi/env.html.This simple Perl CGI program will display all of the environment variables that are being passed around. Two @@ -387,15 +382,17 @@ see some variables listed that were not in the official list. In addition, Apache provides many different ways for you to add your own environment variables - to the basic ones provided by default.
The ``special format'' is very simple. A field name and +
The "special format" is very simple. A field name and its value are joined together with an equals (=) sign, and pairs of values are joined together with an ampersand (&). Inconvenient characters like spaces, ampersands, and @@ -423,7 +420,7 @@ something like:
You'll sometimes also see this type of string appended to @@ -450,14 +447,14 @@
If you're writing CGI programs in Perl, modules are available on CPAN. The most - popular module for this purpose is CGI.pm. You might - also consider CGI::Lite, which implements a minimal set of - functionality, which is all you need in most programs.
+ popular module for this purpose isCGI.pm
. You might
+ also consider CGI::Lite
, which implements a minimal
+ set of functionality, which is all you need in most programs.
If you're writing CGI programs in C, there are a variety of - options. One of these is the CGIC library, from - http://www.boutell.com/cgic/ -
+ options. One of these is theCGIC
library, from
+ http://www.boutell.com/cgic/.
There are a large number of CGI resources on the web. You can discuss CGI problems with other users on the Usenet group - comp.infosystems.www.authoring.cgi. And the -servers mailing + comp.infosystems.www.authoring.cgi. And the -servers mailing list from the HTML Writers Guild is a great source of answers to your questions. You can find out more at - - http://www.hwg.org/lists/hwg-servers/ -
+ http://www.hwg.org/lists/hwg-servers/.And, of course, you should probably read the CGI specification, which has all the details on the operation of CGI programs. You can find the original version at the - - NCSA - - and there is an updated draft at the + NCSA and there is an updated draft at the Common Gateway Interface RFC project.