Login

Language :
TitleApache 웹 서버 CGI 모듈 사용하기
In Apache httpd server, using CGI module.
Writer이지섭Write DateNov 2 2018Modify DateAug 9 2024View Count9811

This is a guide to use CGI (Common Gateway Interface) module in Apache httpd server.

 

1) In httpd.conf, Apache configuration file located in 'conf' directory,

  first remove the comment character, # at the line of mod_cgid.so in LoadModule part,

  so as to use Apache CGI module.

LoadModule cgid_module modules/mod_cgid.so

 

2) In 'alias_module' configuration part, set the path of '/cgi-bin/' like below.

  This module configuration part is already in the 'httpd.conf' file, so find it and then write it.

  In Apache configuration, the sharp, '#' character is comment directive.

<IfModule alias_module>
    #ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
    ScriptAlias /cgi-bin/ "/home/ubuntu/cgi-bin/"
</IfModule>

 

3) For the directory configured above, do directory configuration, too.

  There should be 'ExecCGI' property in 'Options' part.

  The directory setting part like '/usr/local/apache2/cgi-bin/' is already there in 'httpd.conf' file.

<Directory "/home/ubuntu/cgi-bin">
    AllowOverride All
    Options ExecCGI
    SetHandler cgi-script
    Require all granted
    Order allow,deny
    Allow from all
</Directory>

 

4) In 'mime_module' configuration, designate the extension for 'cgi-script' file.

  This configures the handler for what extension 'cgi-script' does operate.

  Search 'mime_module' configuration part in the 'httpd.conf' file.

<IfModule mime_module>
    AddHandler cgi-script .cgi .pl .py
</IfModule>

 

5) In case of the Tomcat connection with Apache,

  map the 'cgi-bin' path like below to be processed by Apache httpd server, not by Tomcat in URI mapping.

  (! : exclude by exclamation mark)

!/cgi-bin/*=worker1

 

6) Write CGI script. This is bash shell script.

  Write the file in the directory configured in 2).

#!/bin/bash

echo "Content-type: text/html"
echo ""
echo "Hello.<br/>"

 

7) Give execute permission to the file above.

  Set executable by all, owner, group and other.

chmod a+x test.cgi

 

8) At browser address, write this '/cgi-bin/' file url.

  It outputs 'Hello.'

https://www.jisblee.me/cgi-bin/test.cgi

 

 9) This cgi program can be written with C language.

  Write the source code below (hello.c) to the '/cgi-bin/' directory.

  Then compile and make executable by 'gcc -o hello.cgi hello.c'.

#include <stdio.h>
int main()
{
        printf("Content-type: text/html%c%c", 10, 10);
        printf("Hello, World!");
        return 0;
}

 

10) CGI vulnerability

  By manipulating the input parameter, system command could be executed.

  This can be abused by malicious user.

  CGI must be used in safe manner if necessary.

 

Comment

Name               Password 
Content
Check Password.

Please enter your password when registering your comment.


Confirm   Cancel