Web Server Design Week 13 Old Dominion University Department of Computer Science CS 495/595 Spring 2012 Michael L. Nelson 04/03/12

Common Gateway Interface A method for remotely invoking executable programs on a server –A long-time convention –finally defined in RFC 3875 client server GET /foo.cgi HTTP/1.1 foo.cgi 200 OK

CGI Invocation How Apache does it: – We’ll live slightly more dangerously: –any executable (non-directory) file can be invoked as CGI with: POST GET w/ query string –e.g. /a/b/c.cgi?var1=foo&var2=bar

CGI Operation The CGI program is responsible for returning (on STDOUT) some combination of its own headers: –Content-type –Location –Status –and other locally-defined headers Script-returned headers are: –collected by the server –processed; e.g.: “Location” -> HTTP/ Found Status -> HTTP response code line –combined with the server’s headers Resulting headers are returned to the client

Partial vs. Non-Parsed Headers The approach in the prior slide is what is known as "partial headers" (a combination of the headers from CGI script + the server) You can also have your script be responsible for all of the headers, in non-parsed-headers (nph) mode. –somewhat outdated, but possible –see:

Status % more status.cgi #!/usr/bin/perl print "Status: 678 This is not a real HTTP status code\n"; print "X-This-Header-Is-Madeup: foo=bar\n\n"; % telnet 80 Trying Connected to xenon.cs.odu.edu. Escape character is '^]'. GET /~mln/teaching/cs595-s12/cgi/status.cgi HTTP/1.1 Host: HTTP/ This is not a real HTTP status code Date: Tue, 03 Apr :01:58 GMT Server: Apache/ (Unix) PHP/5.3.5 mod_ssl/ OpenSSL/0.9.8q X-This-Header-Is-Madeup: foo=bar Content-Length: 0 Content-Type: text/plain Connection closed by foreign host.

Status With an Entity % cat status-entity.cgi #!/usr/bin/perl print "Status: 678 This is not a real HTTP status code\n"; print "X-This-Header-Is-Madeup: foo=bar\n"; print "Content-type: text/html\n\n"; print "this is not a header, this is part of the entity...\n" % curl -i HTTP/ This is not a real HTTP status code Date: Tue, 03 Apr :11:57 GMT Server: Apache/ (Unix) PHP/5.3.5 mod_ssl/ OpenSSL/0.9.8q X-This-Header-Is-Madeup: foo=bar Content-Length: 52 Content-Type: text/html this is not a header, this is part of the entity...

Location % more location.cgi #!/usr/bin/perl print "Location: % telnet 80 Trying Connected to xenon.cs.odu.edu. Escape character is '^]'. GET /~mln/teaching/cs595-s06/cgi/location.cgi HTTP/1.1 Host: HTTP/ Found Date: Mon, 24 Apr :40:31 GMT Server: Apache/2 Location: Content-Length: 277 Content-Type: text/html; charset=iso Found Found The document has moved here. Apache/2 Server at Port 80 note how the entity is automatically constructed

Location Fixes the Entity… % cat location-entity.cgi #!/usr/bin/perl print "Location: print "Content-type: text/plain\n\n"; print "this will never get printed..." % curl -i HTTP/ Found Date: Tue, 03 Apr :27:33 GMT Server: Apache/ (Unix) PHP/5.3.5 mod_ssl/ OpenSSL/0.9.8q Location: Content-Length: 329 Content-Type: text/html; charset=iso Found Found The document has moved here. Apache/ (Unix) PHP/5.3.5 mod_ssl/ OpenSSL/0.9.8q Server at Port 80

Content-type % more ls.cgi #!/usr/bin/perl print "Content-type: text/plain\n\n"; $ls = `ls -alR`; print "$ls\n"; % telnet 80 Trying Connected to xenon.cs.odu.edu. Escape character is '^]'. HEAD /~mln/teaching/cs595-s07/cgi/ls.cgi HTTP/1.1 Connection: close Host: HTTP/ OK Date: Mon, 09 Apr :31:12 GMT Server: Apache/2.2.0 Connection: close Content-Type: text/plain Connection closed by foreign host. note how status 200 OK is automatically constructed

CGI Environment Section 4.1, RFC 3875 –AUTH_TYPE, CONTENT_LENGTH, CONTENT_TYPE, GATEWAY_INTERFACE, PATH_INFO, PATH_TRANSLATED, QUERY_STRING, REMOTE_ADDR, REMOTE_HOST, REMOTE_IDENT, REMOTE_USER, REQUEST_METHOD, SCRIPT_NAME, SERVER_NAME, SERVER_PORT, SERVER_PROTOCOL, SERVER_SOFTWARE In practice, slightly different: –

How to Customize the Environment? C: –fork() & execve() Perl: –set %ENV –fork() & exec() Python: –set %ENV –fork () & execve() Others??? –please share w/ the list

ENV & CGI Examples #!/usr/bin/perl print "Content-type: text/html\n\n"; foreach $key (keys (%ENV)) { print "$key = $ENV{$key} \n"; } while ( ) { print "$_ \n"; } {GET, POST} X {multipart/form-data, application/x-form-www-urlencoded}