Before you can run
CGI programs on your server, certain parameters in the server configuration
files must be modified. If you are using either the NCSA
or CERN HTTP server, you need
to first set the ServerRoot
directive in the httpd.conf
file to point to the directory where the server software is located:
On the NCSA
server, the ScriptAlias
directive in the server resource map file (srm.conf)
indicates the directory where the CGI scripts are placed.
ScriptAlias /cgi-bin/ /usr/local/etc/httpd/cgi-bin/
For example, if a user accesses the URL:
https://your_host.com/cgi-bin/welcome
the local program:
/usr/local/etc/httpd/cgi-bin/welcome
will be executed by the server. You can have multiple directories
to hold CGI scripts:
ScriptAlias /cgi-bin/ /usr/local/etc/httpd/cgi-bin/
ScriptAlias /my-cgi-bin/ /usr/local/etc/httpd/my-cgi-bin/
You might wonder why all CGI programs must be
placed in distinct directories. The most important reason for this
is system security. By having all the programs in one place, a server
administrator can control and monitor all the programs being run
on the system. However, there are directives that allow programs
to be run outside of these directories, based on the file extension.
The following directives, when placed in the srm.conf
configuration file, allow the server to execute files containing
.pl, .sh, or .cgi
extensions.
AddType application/x-httpd-cgi .pl .sh .cgi
However, this could be very dangerous! By globally enabling
all files ending in certain extensions, there is a risk that novice
programmers might write programs that violate system security (e.g.,
printing the contents of important system files to standard output).
On the CERN server, setting up the CGI directory
is done in the httpd.conf file, using the following syntax:
Exec /cgi-bin/* /usr/local/etc/httpd/cgi-bin
