[Nottingham] CGI Scripts on Server

Graeme Fowler graeme at graemef.net
Thu Aug 3 23:57:50 BST 2006


On Thu, 2006-08-03 at 10:04 +0100, Raphael Gangneux wrote:
> And add .pl if you want to be able to execute .pl scripts.
> i.e.: AddHandler cgi-script .cgi .pl
> Also I think you need to modify the '/' directory block with: +Execcgi
> i.e.: Options FollowSymLinks +Execcgi
> correct me if I'm wrong :-)

Partially :)

The first bit is correct on a server-wide basis (in my example), but can
be tailored down to per-directory granularity if done in the right

The second bit is only relevant if you want to run CGI scripts _outside_
a cgi-bin directory. In bulk web hosting (like we knew and, erm, liked
sometimes) this is often the default but it can cause enormous problems
with unvalidated scripts running. As you know.

In Johan's original post, he asked how to get a server-wide cgi-bin
directory running. On an FC4 server with basically default Apache
configs, uncommenting the AddHandler line and restarting Apache is
enough to get stuff in /var/www/cgi-bin/ executing as a CGI script.

His second question - about making it available per-virtual-host - is
more complex, and throws up a whole heap of issues related to security.
Who is running the scripts? Which context are we in (server-wide, vhost,
directory)? Is there a CGI wrapper like SuEXEC involved? Do you know
(and trust) all the users on the box ? (The usual answer here is a
resounding, capitalised NO). 

Ooh, there's a minefield there...


More information about the Nottingham mailing list