Webserver use, configuration and management

Unit WUCM1

Web server configuration for CGI practical

Laurie, (1999), Chapter 4; Wainwright, (1999), Chapter 6 or Arnold, (2000), Chapter 4

Setting up Apache to use CGI scripts

One of the oldest ways of doing server-side programming involves the design and production of programs written in a suitable language that will conform to the Common Gateway Interface – CGI.  

This tutorial will look at extending the basic Roger website to include a few simple CGI scripts, ultimately a simple script to process an HTML form filled in by students who need to ask for missing notes. 

(For those of you who want to pursue the matter in a bit more depth, look at (Laurie, 1999) chapter 4, or one of the other references given above. Laurie’s examples revolve around a company called Butterflies who sell postcards, and the CD in the back has a large collection of example websites that develop a range of Apache features. The later Laurie (2003) text has a great deal more coverage, but is not so straightforwardly set out.)

In order to play with CGI we first of all need to construct an HTML form containing fields that the user fills in prior to submitting it to the server. Dreamweaver makes constructing a form easy (but the basics are reasonably straightforward if you only have Notepad or a similar tool). Thus far, the web pages we have fetched from the server have all used the HTTP GET method. If we just want to run a simple CGI script to retreive information from the server, using GET as the HTTP method is fine. If we want to update information on the server, the POST method is more appropriate. (For a full explanation of what method to use see the HTTP specification.)

To configure Apache for CGI scripts we will start with a simple GET method that invokes a CGI script to give us a simple response.   Under Unix (of what ever flavour) you need to execute a shell script, which needs to be configured as executable (using chmod +x <scriptname>); under Windows the use of the .BAT extension is sufficient. The following batch file will be sufficient to test out if the server is configured to correctly deal with CGI scripts.

@echo off 
echo "content-type: text/plain" 
echo "Have a nice day"

The first line turns off the echoing of the commands themselves - very confusing if you don’t. The next line is the header information, in this case telling the client that the content is plain text, i.e. not even html. There are many alternatives - the content-type header uses MIME types. There needs to be a blank line that separates the header from the body, the third line does this. Finally the body is just the command to echo the contents of the document.

Create this file (called niceday.bat) in directory \cgi-bin under your web server's root directory. If that directory doesn't exist, you will need to create it. Test the program by running it from the MS-DOS command line. It should output 3 lines of text.

How do we get it to be run from the web server?

A conventional URL mapping (say we requested http://server/cgi-bin/niceday.bat) won't work because Apache (as configured out of the box) would attempt to respond with the file \webroot\htdocs\cgi-bin\niceday.bat. Even if that file exists, Apache won't run it - it would simply deliver its program text (try it and see). This is potentially a big security loophole - you do not want your users to be able to see the source code of your programs.

We therefore have to both instruct Apache to execute the program rather than deliver its source, and to have the program so located that a user cannot contrive a URL that would enable them to view the source.

Using a directory such as \cgi-bin is the way to do this. The ScriptAlias directive in the httpd.conf file is used to specify its location. Here is an example that shows how to use it.

# Simple conf file for the web site Roger

#Tell Apache what sort of server it is
ServerType standalone
ServerRoot "N:/Apache"

# Required parameter to tell Apache its name
ServerName "cl101.tech.port.ac.uk"

# Where the documents that make up the site are stored
DocumentRoot "N:/WebRoot/Roger/htdocs"
# Where the error and access logs should go
TransferLog "N:/WebRoot/logs/access.log"
ErrorLog "N:/WebRoot/logs/error.log"
LogLevel warn
# tell Apache where the cgi program files are to be found
# i.e. not in the documents tree for security reasons
ScriptAlias /cgi-bin "N:/WebRoot/Roger/cgi-bin"

# tell Apache where to put the script errors
ScriptLog "N:/WebRoot/logs/script.log"

We have added in two directives to tell Apache where CGI related things are. (N.B. You may need to check whether you need to add in an extra <Directory N:/WebRoot/Roger/cgi-bin> section to permit access to the directory in view of your default deny set up for all apart from the document root tree.) There are alternatives to this use of ScriptAlias, see (Laurie, 1999). When you open up the browser and follow this link (try something like http://localhost/cgi-bin/niceday.bat) you should receive the message.

What do you have to do to the program to make it generate an HTML page? Try it.

This tutorial exercise has set up the basics of CGI configuration, as discussed in the lecture there are a host of alternatives, do explore some of them.


Ben Laurie and Peter Laurie
Apache: The Definitive Guide (2e)
O’Reilly, 1999
ISBN: 1565925289

Mark Arnold, Jeff Almeida & Clint Miller
Administering Apache
McGraw-Hill, 2000
ISBN: 0072122919

Peter Wainwright
Professional Apache
Wrox, 1999
ISBN: 1861003021

Ben Laurie and Peter Laurie
Apache: The Definitive Guide (3e)
O’Reilly, 2003
ISBN: 0596002033


Last updated by Prof Jim Briggs of the School of Computing at the University of Portsmouth