Webserver use, configuration and management
Laurie (1999), Chapter 4; Wainwright (1999), Chapter 6 or Arnold (2000), Chapter 4
One of the oldest ways of doing server-side programming involves the design and production of programs written in a suitable language that will conform to the Common Gateway Interface – CGI.
This tutorial will look at extending the basic Roger website to include a few simple CGI scripts, ultimately a simple script to process an HTML form filled in by students who need to ask for missing notes.
(For those of you who want to pursue the matter in a bit more depth, look at (Laurie, 1999) chapter 4, or one of the other references given above. Laurie’s examples revolve around a company called Butterflies who sell postcards, and the CD in the back has a large collection of example websites that develop a range of Apache features. The later Laurie (2003) text has a great deal more coverage, but is not so straightforwardly set out.)
In order to play with CGI we first of all need to construct an HTML form containing fields that the user fills in prior to submitting it to the server. Dreamweaver makes constructing a form easy (but the basics are reasonably straightforward if you only have Notepad or a similar tool). Thus far, the web pages we have fetched from the server have all used the HTTP GET method. If we just want to run a simple CGI script to retrieve information from the server, using GET as the HTTP method is fine. If we want to update information on the server, the POST method is more appropriate. (For a full explanation of what method to use see the HTTP specification.)
To configure Apache for CGI scripts we will start with a simple GET method that invokes a CGI script to give us a simple response. Under Unix (of whatever flavour) you need to execute a shell script, which needs to be configured as executable (using chmod +x <scriptname>); under Windows the use of the .BAT extension is sufficient. The following batch file will be sufficient to test out if the server is configured to correctly deal with CGI scripts.
    @echo off
    echo Content-type: text/plain
    echo.
    echo Have a nice day
The first line turns off the echoing of the commands themselves - very confusing if you don’t. The next line is the header information, in this case telling the client that the content is plain text, i.e. not even HTML. There are many alternatives - the content-type header uses MIME types. A blank line must separate the header from the body; the third line does this. Finally, the body is just the command to echo the contents of the document.
Create this file (called niceday.bat) in directory \cgi-bin under your web server's root directory. If that directory doesn't exist, you will need to create it. Test the program by running it from the MS-DOS command line. It should output 3 lines of text.
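A checker for those three lines, added here as an example and not part of the original tutorial: it splits a script's output at the first blank line and reports anything in the header block that is not a name: value line. The function name and the sample outputs are constructed; the two bad samples model cmd.exe, where echo prints surrounding quotes literally and a bare echo prints "ECHO is off." instead of a blank line.

```python
import re

# Characters allowed in an HTTP header field name (the "token" rule).
TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")

def check_cgi_output(raw):
    """Split CGI stdout into (headers, body, problems).

    Simplification (assumption): a Content-Type header is always required;
    Location-only or Status-only responses are not considered.
    """
    lines = raw.splitlines()
    headers, problems, body_start = {}, [], None
    for number, line in enumerate(lines, start=1):
        if line == "":
            body_start = number          # index of the first body line
            break
        name, colon, value = line.partition(":")
        if colon and TOKEN.match(name):
            headers[name.lower()] = value.strip()
        else:
            problems.append(f"line {number} is not a header: {line!r}")
    if body_start is None:
        problems.append("no blank line between headers and body")
    if "content-type" not in headers:
        problems.append("no Content-Type header")
    body = "\n".join(lines[body_start:]) if body_start is not None else ""
    return headers, body, problems

# Constructed sample outputs of niceday.bat (not captured from a real server).
GOOD = "Content-type: text/plain\r\n\r\nHave a nice day\r\n"
# echo "..." in cmd.exe keeps the quotes, so the header name starts with a quote.
QUOTED = '"content-type: text/plain"\r\n\r\n"Have a nice day"\r\n'
# A bare echo with echoing turned off prints "ECHO is off.", not a blank line.
NO_BLANK = "Content-type: text/plain\r\nECHO is off.\r\nHave a nice day\r\n"

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("quoted", QUOTED), ("no blank", NO_BLANK)):
        print(label, check_cgi_output(sample)[2] or "ok")
```

Feeding it the text the batch file prints on the command line shows whether the server will see a valid header block before you involve Apache at all.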
How do we get it to be run from the web server?
A conventional URL mapping (say we requested http://server/cgi-bin/niceday.bat) won't work because Apache (as configured out of the box) would attempt to respond with the file \webroot\htdocs\cgi-bin\niceday.bat. Even if that file exists, Apache won't run it - it would simply deliver its program text (try it and see). This is potentially a big security loophole - you do not want your users to be able to see the source code of your programs.
We therefore have to both instruct Apache to execute the program rather than deliver its source, and to have the program so located that a user cannot contrive a URL that would enable them to view the source.
Using a directory such as \cgi-bin is the way to do this. The ScriptAlias directive in the httpd.conf file is used to specify its location. Here is an example that shows how to use it.
    # Simple conf file for the web site Roger
    #Tell Apache what sort of server it is
    ServerType standalone
    ServerRoot "N:/Apache"
    # Required parameter to tell Apache its name
    ServerName "cl101.tech.port.ac.uk"
    # Where the documents that make up the site are stored
    DocumentRoot "N:/WebRoot/Roger/htdocs"
    # Where the error and access logs should go
    TransferLog "N:/WebRoot/logs/access.log"
    ErrorLog "N:/WebRoot/logs/error.log"
    LogLevel warn
    # tell Apache where the cgi program files are to be found
    # i.e. not in the documents tree for security reasons
    ScriptAlias /cgi-bin "N:/WebRoot/Roger/cgi-bin"
    # tell Apache where to put the script errors
    ScriptLog "N:/WebRoot/logs/script.log"
We have added in two directives to tell Apache where CGI-related things are. (N.B. You may need to check whether you need to add in an extra <Directory> section to permit access to the directory in view of your default deny setup for all apart from the document root tree.) There are alternatives to this use of ScriptAlias; see (Laurie, 1999). When you open up the browser and follow this link (try something like http://localhost/cgi-bin/niceday.bat) you should receive the message.
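The requirement that cgi-bin sits outside the documents tree can be checked mechanically. The following Python is an added example, not part of the original tutorial: it reads httpd.conf text and reports any ScriptAlias whose directory lies under DocumentRoot. The function names and the weak configuration are constructed for illustration, and paths are compared case-insensitively on the assumption of a Windows server as in the tutorial.

```python
import posixpath
import re

def parse_conf(text):
    """Return [(directive, [args])] for flat httpd.conf text (sections are skipped)."""
    parsed = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#<":
            continue
        # A token is either a "quoted string" or a run of non-blank characters.
        tokens = [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', line)]
        parsed.append((tokens[0].lower(), tokens[1:]))
    return parsed

def norm(path):
    """Comparable form of a Windows path: forward slashes, no '..', lower case."""
    return posixpath.normpath(path.replace("\\", "/")).lower()

def is_inside(child, parent):
    child, parent = norm(child), norm(parent)
    # Compare whole path segments so "htdocs-old" is not taken to be under "htdocs".
    return child == parent or child.startswith(parent.rstrip("/") + "/")

def audit_scriptaliases(conf_text):
    """Return (url_prefix, script_dir, document_root) for each ScriptAlias under a DocumentRoot."""
    directives = parse_conf(conf_text)
    roots = [args[0] for name, args in directives if name == "documentroot" and args]
    return [(args[0], args[1], root)
            for name, args in directives if name == "scriptalias" and len(args) == 2
            for root in roots if is_inside(args[1], root)]

# The two relevant directives from the tutorial's httpd.conf.
PAGE_CONF = '''
DocumentRoot "N:/WebRoot/Roger/htdocs"
ScriptAlias /cgi-bin "N:/WebRoot/Roger/cgi-bin"
'''
# Constructed weak variant: the script directory sits inside the documents tree.
WEAK_CONF = '''
DocumentRoot "N:/WebRoot/Roger/htdocs"
ScriptAlias /cgi-bin "N:/WebRoot/Roger/htdocs/cgi-bin"
'''

if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("weak", WEAK_CONF)):
        print(label, audit_scriptaliases(conf) or "no ScriptAlias inside DocumentRoot")
```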
What do you have to do to the program to make it generate an HTML page? Try it.
This tutorial exercise has set up the basics of CGI configuration. As discussed in the lecture, there are a host of alternatives; do explore some of them.
Ben Laurie and Peter Laurie
Apache: The Definitive Guide (2e)
Mark Arnold, Jeff Almeida & Clint Miller
Ben Laurie and Peter Laurie