CGI Programming on the World Wide WebBy Shishir Gundavaram
1st Edition March 1996
This book is out of print, but it has been made available online through the O'Reilly Open Books Project.
Before you can run CGI programs on your server, certain parameters in the server configuration files must be modified. If you are using either the NCSA or CERN HTTP server, you need to first set the ServerRoot directive in the httpd.conf file to point to the directory where the server software is located:
On the NCSA server, the ScriptAlias directive in the server resource map file (srm.conf) indicates the directory where the CGI scripts are placed.
ScriptAlias /cgi-bin/ /usr/local/etc/httpd/cgi-bin/
For example, if a user accesses the URL:
the local program:
will be executed by the server. You can have multiple directories to hold CGI scripts:
ScriptAlias /cgi-bin/ /usr/local/etc/httpd/cgi-bin/ ScriptAlias /my-cgi-bin/ /usr/local/etc/httpd/my-cgi-bin/
You might wonder why all CGI programs must be placed in distinct directories. The most important reason for this is system security. By having all the programs in one place, a server administrator can control and monitor all the programs being run on the system. However, there are directives that allow programs to be run outside of these directories, based on the file extension. The following directives, when placed in the srm.conf configuration file, allow the server to execute files containing .pl, .sh, or .cgi extensions.
AddType application/x-httpd-cgi .pl .sh .cgi
However, this could be very dangerous! By globally enabling all files ending in certain extensions, there is a risk that novice programmers might write programs that violate system security (e.g., printing the contents of important system files to standard output).
On the CERN server, setting up the CGI directory is done in the httpd.conf file, using the following syntax:
Exec /cgi-bin/* /usr/local/etc/httpd/cgi-bin
Back to: CGI Programming on the World Wide Web
© 2001, O'Reilly & Associates, Inc.