Published by Ἀχιλλεύς Δεσποτόπουλος. Modified over 5 years ago.
1
Common Gateway Interface (CGI current version 1.1)
- A standard for external applications to interface with information servers such as HTTP servers.
- These external applications typically help to relay information between httpd and other software systems, e.g., a database. This is how CGI gets its "gateway" name.
- They are called CGI programs and can be written in any language that follows the CGI spec: Perl, Unix shell, C/C++, Fortran, Tcl, Visual Basic.
- A CGI program is executed dynamically and provides dynamic content.
12/31/2018 C. Edward Chow
2
CGI Security Concerns
- A CGI program runs with the ID of httpd (webuser in our case, nobody in many other web servers).
- It can retrieve and overwrite files in any directory for which it has access permission!
- "Security by obscurity": CGI programs are kept in a different directory from the web pages so that bad guys can't read, edit, or analyze them for security holes.
- Example of why Apache by default does not follow soft links (ln -s): a bad guy sets up ln -s to a script, then uses a web browser, through httpd (with its new permission as webuser), to retrieve the text of the script.
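The soft-link scenario above, seen from the administrator's side: an added example (not part of the original slides) that lists symbolic links under a document root whose targets resolve outside it, for instance into cgi-bin. It assumes GNU `readlink -f`; the function name `audit_symlinks` is hypothetical.

```shell
#!/bin/sh
# Added example: report symlinks under a document root that point
# outside it, so httpd could be made to serve a script's source text.

# audit_symlinks DOCROOT
# Prints "<link> -> <resolved target>" for each link that escapes.
# Returns 0 if none escape, 1 if at least one does, 2 on a bad DOCROOT.
audit_symlinks() {
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    list=$(mktemp) || return 2
    found=0
    # File names containing newlines are not handled by this sketch.
    find "$docroot" -type l > "$list"
    while IFS= read -r link; do
        # Resolve every symlink and ".." component of the target.
        target=$(readlink -f -- "$link") || target="(unresolvable)"
        case "$target" in
            "$docroot"|"$docroot"/*) ;;      # stays inside the docroot
            *) printf '%s -> %s\n' "$link" "$target"
               found=1 ;;
        esac
    done < "$list"
    rm -f "$list"
    return "$found"
}
```

Apache's `Options -FollowSymLinks` or `SymLinksIfOwnerMatch` is the server-side control; this audit only finds links that already exist on disk.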
3
Apache CGI Configuration
- Allow read and execute access to the CGI programs, and possibly write access to the data directories they use.
- ScriptAlias URLpath directory
  e.g., ScriptAlias /cgi-bin /mpc/home/<login>/sites/cgi-bin
- An incoming URL with /cgi-bin/echoorder.pl causes /mpc/home/<login>/sites/cgi-bin/echoorder.pl to run.
4
Apache CGI Exercise 1
- cd /mpc/home/<login>/site.cgi/conf
- Run sub.pl <your port#>. It will modify the go script and conf/httpd.conf.
- Start the web server with go.
- On browser, retrieve
- Fill in the form and submit the query.
- Observe the environment variables returned.
5
Apache CGI Exercise 2
- The myecho provided is object code for FreeBSD. Recompile myecho with "make".
- cp form_summer.html form_summer2.html
- Edit form_summer2.html by replacing /cgi-bin/mycgi with /cgi-bin/myecho in the <FORM> tag; rename it as form_summer2.html.
- On browser, retrieve
- Observe the returned web page.
6
CGI.pm: A Perl5 CGI Library
- Echoorder.pl and process.pl are written with the recent version 2.36 of CGI.pm by Lincoln Stein.
- It provides functions for:
  - parsing the query string
  - creating web pages/fill-out forms
  - saving/retrieving the query string to files
  - HTTP session variables
  - cookie, frame, JavaScript, and NPH support
- Debug the Perl script by running ./<script>.pl and entering the query string, e.g., order1=3&order2=4
7
Passing Variables to CGI Program
- SetEnv variable value
  e.g., SetEnv VHOST customers; sets an environment variable to a value.
- PassEnv <host env variable>
  Passes host environment variables to the CGI program.
- Find out the browser and version number:
  BrowserMatch browserRE env[=val1] env2[=val2]
  browserRE is a regular expression matched against the value of the User-Agent header; when it matches, the environment variables are set.
  e.g., BrowserMatch ^Mozilla/[23] tables=3 java frame
8
Apache Built-in Handlers
- Perform certain actions when a file with a particular MIME or handler type is called.
  - server-status: get the server's current status
  - server-info: get the server's configuration
  - server-parsed: parses server-side includes
- AddHandler handler-name extension
  Maps a filename extension to handler-name and wakes up an existing handler.
  e.g., AddHandler cgi-script cgi
  treats files with the .cgi extension as executable CGI scripts.
9
SetHandler: Site.status
- Include "SetHandler <handler-name>" in block directives such as <Directory>, <Location>, <Files>.
- It applies the transformation specified by handler-name to all files in the block.

    ExtendedStatus On
    <Location /status>
    <Limit GET>
    order deny,allow
    allow from
    deny from all
    </Limit>
    SetHandler server-status
    </Location>

- Requires mod_access.
- The method in <Limit> must be upper case, e.g., GET instead of get. In Apache <limit get> is ok but not in Apache
- allow from is wrong, resulting in forbidden access.
- Append the above to httpd.conf, try
10
Perform Filtering on Certain File Type
- Site.filter demonstrates compressing .html files using gzip and saving them as .zhtml files.
- How much storage do we save in a web site by using this?
- Overhead: compression, modification of web pages! Decompression on retrieval.
- Actually there is an error on index.zhtml
- The httpd.conf includes:
    AddHandler peter-gzipped-html ghtml
    Action peter-gzipped-html /cgi-bin/unziphtml
- Action <type> <cgi-script>
  Passes files with type=<type> through <cgi-script>.
11
Site.Filter
unziphtml:

    #!/bin/sh
    # Emit the CGI header and a blank line, then the decompressed page.
    echo "content-type: text/html"
    echo
    # Quote the path so spaces or glob characters in it are not expanded.
    gzip -S .zhtml -d -c "$PATH_TRANSLATED"

gzip options:
- -c: write output to stdout
- -d: decompress
- -S .zhtml: use suffix .zhtml instead of .gz
Note that the .ghtml files got garbled.
The mime.types file format does not allow .html.gz
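An added example, not the course's script: the same filter with checks on the requested path before it reaches gzip. It assumes httpd exports `DOCUMENT_ROOT` for the tree that holds the .zhtml pages and that GNU `readlink -f` is available; `serve_zhtml` and `reply_error` are hypothetical names.

```shell
#!/bin/sh
# Added example: unziphtml with checks on the requested path.
# Assumption: httpd exports DOCUMENT_ROOT, the tree holding the .zhtml pages.

reply_error() {   # $1 = CGI status, e.g. "403 Forbidden"
    printf 'Status: %s\nContent-Type: text/plain\n\n%s\n' "$1" "$1"
}

# serve_zhtml FILE   (FILE is normally "$PATH_TRANSLATED")
serve_zhtml() {
    [ -n "${DOCUMENT_ROOT:-}" ] &&
        root=$(cd "$DOCUMENT_ROOT" 2>/dev/null && pwd -P) || {
            reply_error "500 Internal Server Error"; return 1; }

    # 1. Serve only the extension this handler is meant for.
    case "$1" in
        *.zhtml) ;;
        *) reply_error "403 Forbidden"; return 1 ;;
    esac

    # 2. Resolve symlinks and "..", then require the result to stay
    #    under the document root.
    real=$(readlink -f -- "$1" 2>/dev/null) || real=
    case "$real" in
        "$root"/*) ;;
        *) reply_error "403 Forbidden"; return 1 ;;
    esac

    # 3. It must be an existing regular file holding valid gzip data.
    [ -f "$real" ] || { reply_error "404 Not Found"; return 1; }
    gzip -t < "$real" 2>/dev/null || {
        reply_error "500 Internal Server Error"; return 1; }

    # 4. Header, blank line, page. Reading from stdin means gzip never
    #    parses the file name as an option or checks its suffix.
    printf 'Content-Type: text/html\n\n'
    gzip -d -c < "$real"
}

# Run by httpd as the Action script, PATH_TRANSLATED is set.
if [ -n "${PATH_TRANSLATED:-}" ]; then
    serve_zhtml "$PATH_TRANSLATED"
fi
```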
12
Compressing/Modifying Web Pages
- The web pages provided in site.filter on the CD-ROM are not correct. Please regenerate them with the following instructions.
- Note that before you compress, you need to modify the links so they point to the compressed .zhtml files.
- mv htdocs to htdoc.orig
- mkdir htdocs; cd htdocs
- cp ../../site.virtual/htdocs/customers/* .
- Replace
    <li><A href="catalog_summer.html">Summer catalog </A>
    <li><A href="catalog_autumn.html">Autumn catalog </A>
  with
    <li><A href="catalog_summer.zhtml">Summer catalog </A>
    <li><A href="catalog_autumn.zhtml">Autumn catalog </A>
- Gzip *.html
- Rename *.html.gz to *.zhtml
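The regeneration steps above as one script, added here and not taken from the course material. It generalizes the manual edit to every relative link ending in .html and writes the .zhtml files to a separate output directory instead of renaming in place; `build_zhtml` is a hypothetical name.

```shell
#!/bin/sh
# Added example: rewrite links, then compress each page to NAME.zhtml.

# build_zhtml SRC_DIR OUT_DIR
# Prints the number of pages written. Returns 2 on a bad directory,
# 1 if a page could not be compressed or fails verification.
build_zhtml() {
    src_dir=$1
    out_dir=$2
    [ -d "$src_dir" ] || return 2
    mkdir -p "$out_dir" || return 2
    count=0
    for page in "$src_dir"/*.html; do
        [ -f "$page" ] || continue        # the glob matched nothing
        name=$(basename "$page" .html)
        # Links are rewritten before compression, as the slide requires.
        # [^":]* skips targets with a scheme (http:, mailto:), so only
        # relative links to sibling pages become .zhtml.
        sed 's/\([Hh][Rr][Ee][Ff]="[^":]*\)\.html"/\1.zhtml"/g' "$page" |
            gzip -c > "$out_dir/$name.zhtml" || return 1
        # Verify the archive so a truncated page is caught now, not
        # when unziphtml is asked to serve it.
        gzip -t < "$out_dir/$name.zhtml" || return 1
        count=$((count + 1))
    done
    echo "$count"
}
```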
13
Homework#4
- Exercise 1: Setup site.cgi
- Exercise 2: Setup site.status
- Exercise 3: Setup site.filter.