httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject RE: [users@httpd] CGI script runs under http, but browser tries to download under https
Date Wed, 15 Oct 2003 07:29:27 GMT
>-----Original Message-----
>From: David Christensen []
>I did not take any steps to specifically enable https.  It just "works
>out of the box" under Debian 3.0r1 (or not works, as the case may be):
>    root@d3020g:~# grep http /etc/services
>    www             80/tcp          http            # WorldWideWeb HTTP
>    https           443/tcp                         # MCom
>    https           443/udp                         # MCom

Eh? If you do not have "Listen 443" somewhere in your apache config then
apache is not listening on that port and so apache cannot be responding
to the HTTPS requests. So it must be something else which is

Let me see if I understand your situation correctly:

- you set up a plain HTTP site on the usual port 80 and with CGI: this
worked as expected.
- For some reason, you tried putting a small "s" into the URL to see
what would happen if you HTTPS'd to the same URL. I'm not sure what you
expected to happen, but you were suprised to find that the CGI source
was listed in the browser.

To be clear, when you type "https" into a browser, it makes the request
to port 443 on the server. If you only had your plain HTTP apache
running, this should not have worked - you should have got a "connection
refused" error at the TCP/IP level. The fact that you got a response
means that there must be something listening on that port - could it be
a default webserver that comes with Debian?

To check this out, you need to "ps -ef" and look for httpd processes.
Also, look in the /etc/rc.local (or thereabouts) for startup scripts
that might be starting a built-in apache at boot (find and grep will be
useful here...)

I'm not sure you understand the difference between HTTP and HTTPS - to
be clear, they are separate protocols and, unless configured to do so, a
webserver will not respond to HTTPS requests. So a new installation of
apache will not respond to an HTTPS request (I get the impression you
might've expected it to do so):

Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

>> Assuming I'm just thick and that you really do have a plain 
>> port 80 and an SSL VH on port 443, then the problem would be that you
>> have incorrectly set up CGI processing in the SSL VH. If you check
>> you'll see what to do if you get a source-code listing 
>(basically, you
>> haven't told apache that the content is executable).
>1.  I'm not using virtual hosts.

>2.  Yes, I've read and re-read that stretch of the Apache 
>manual several
>    times.  It points me to:

    Which I've also read multiple times.  The section "Explicitly using
    Options to permit CGI execution" was how I got per-user CGI scripts
    working in the first place:

        <Directory /home/*/public_html/cgi-bin>
            Options +ExecCGI

        AddHandler cgi-script .pl

3.  I've also tried:

        AddHandler cgi-script pl

Thus far, we've assumed it's an httpd.conf configuration issue.  I'm
starting to think it's something deeper -- a compiled in flag, or a
hard-coded feature.

My Apache is not current (1.3.26).  I'll try to upgrade to 1.3.28 and
see what happens.



The official User-To-User support forum of the Apache HTTP Server
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message