Web content can be static or dynamic. Static content is read only and does not change over time. Dynamic content refers to URLs that reference an executable program on a web server. When dynamic content is requested, the web server executes the program and sends the output back to the client. CGI is a standard for interfacing a web server to external applications. Once CGI is configured on a web server, URL's requested from the server can point to programs (C/C++, Perl, etc.) that are executed before sending output (html, for instance) back to the client via the server.
Assuming Apache is running with default configuration, a comprehensive tutorial on configuring Apache to run CGI is available at:
http://httpd.apache.org/docs-2.0/howto/cgi.html
A comprehensive tutorial on running the default Apache server is available at:
http://httpd.apache.org/docs-2.0/install.html
If your CGI program is not working, check the following:
>/etc/init.d/httpd [start|stop|restart]
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
Make sure the CGI program is readable and executable:
>chmod 755 program.cgi
Check that the contents of the cgi-bin defined by the 'ScriptAlias' Directive are not visible. Attempting to access files in the cgi-bin should result in 'Access forbidden!' (Error 403).
The First line printed by any CGI program must be:
Content-type: text/html\n\n
or another valid CGI header. Note the two new lines.
| Program | Source Code | URL of CGI program |
|---|---|---|
| hello_world.cgi | source | executable |
| redirect.cgi | source | executable |
CGI programs present many security risks. Before writing CGI programs, it is important to read the CGI section of the WWW Security FAQ at:
http://www.w3.org/Security/Faq/wwwsf4.html