CGI: Introduction: Difference between revisions

Apache with the release of 2.2.18 made a small change, extract from the change log '''''Added shebang check for '! so that .vbs scripts work as CGI''''' hidden in that statement is the ability not only to run VBScripts as CGI but also JavaScripts. A more profound implication is the ability to create dynamic web sites using Apache alone removing the bloat of PHP and MySQL. This tutorial revisits the mini-server series and updates the basic Apache server to include the new Apache 2.2.21 core and control architecture from Uniform Server Coral-8 series.

This new mini-server, Coral-Mini is used for running tutorial examples. These examples provide an introduction to CGI scripting, they are written in VBScript and JavaScript. Before looking at CGI scripting the mini-server architecture is first covered.

Download the Coral-Mini server from SourceForge [http://sourceforge.net/projects/miniserver/files/MiniServer/Coral_MiniServer/ Project Page] save the file '''coral_mini_server.exe''' to any folder of your choice.

===Extract files===

Double click on coral_mini_server.exe, starts the extraction process. No need to change the folder destination. Click extract; this creates a new folder '''MiniServer''' containing four files and four folders.

# Stop_Coral_Mini.exe  - Double click to stop server

# tutorial.bat - Displays this tutorial in default browser

# apache2 - Apache sever files and configuration

# www - Root folder. Apache servers files from this folder.   

# Start the server by double clicking on Start_Coral_Mini.exe (automatically configures server paths.)

# The index page index.html is displayed.

Apache comes with a vast array of modules a full list and description can be found here [http://httpd.apache.org/docs/2.2/mod/ Apache Docs] Modules used in the Coral-mini server are listed below, note the core module is part of the main binary (program) and loaded by default.

Highlighted in bold are separate modules these are loaded using Apache's configuration file '''httpd.conf'''.  

|core||Core Apache HTTP Server features that are always available included in the binary (program).

|mpm_winnt.c||WinNT MPM part of the Windows Apache core. A Multi-Processing Module (MPM) it is the default for Windows NT operating systems. Uses a single control process which launches a single child process which in turn creates threads to handle requests. (This is the reason you will see two Apache processes in task manager)

|'''authz_host_module'''||Group authorizations based on host (name or IP address). Required to restrict access to folders etc.

|'''mod_dir'''||Provides for "trailing slash" redirects and serving directory index files. (Optional but nice to have otherwise a user needs to type index.html on entry to a folder or for initial web site access. It prevents this error message: The requested URL / was not found on this server.)

|'''mod_mime'''||Associates the requested filename's extensions with the file's behavior (handlers and filters) and content (mime-type, language, character set and encoding) Note without this module the file will be served as plain text. DefaultType text/plain

|'''mod_rewrite'''||Provides rewriting of requested URLs on the fly. Allows masking of file extensions for example a request for index.htm results in page index.vbs being run on the server and the result returned as index.htm

|'''mod_cgi'''||Provides an interface for running CGI scripts. Scripts that require running are targeted using the AddHandler directive this directive associates file extensions with CGI scripts.

On starting Apache it is supplied with the location and name of a configuration file this overrides the default location compiled into the program. Its common practice to name the file '''httpd.conf''' and place it in a sub-folder named '''conf''' Coral-mini uses this convention.

Coral-Mini Server uses the following configuration file: MiniServer\apache2\conf\'''httpd.conf'''

'''Note:''' Apache’s example configuration file contains a lot of detailed information I personally find this confusing and prefer to remove this detail.

'''Tip:''' Check Apache’s example files and list them in that order, avoids any problems.

These settings are common to the main server. Most settings in this section have defaults however I like to see what I am using hence list them regardless.

* '''ServerName:''' For reliability always specify a host name and port. Note: localhost is valid however if you have a DNS entry use your fully qualified domain name eg www.fred.com Alternatively you can leave this as localhost and use your fully qualified domain name in a Vhost section (not covered in this server example).

* '''DirectoryIndex:''' When a user requests a page supplying only a folder name (example fred.com) the index page is automatically returned by default. Note you can have more than one index page in the same folder with a different file extension. Order of priority left to right, first one found in the list is returned, all others are ignored.

Most settings in this section have defaults however again I like to see what I am using hence list them regardless.

Apache has access to all folders and files on the drive it is installed on

* '''Options None:''' Turns off, directory browsing, server side includes, CGI execution, follow symbolic links.

Only way to gain access is to target each folder in turn and open it up as required second Directory directive targets folder www this contains your web site.

* '''Options Indexes Includes:''' Turns on, directory browsing and server side includes.

* '''Allow from all:''' Everyone allowed access to folder www and its sub-folders.

The '''AccessFileName''' directive defines the file name to use for secondary configuration files by convention the name is '''.htaccess'''

Access to these files is retricted using the '''Files''' directive. The regex also prevents '''.htpasswd''' files from being viewed by Web clients.  

In conjunction with the mime_module the directive TypesConfig is used to specify a file which maps extensions onto MIME types. Note without the module and this file served pages will be in plain text.<br />

Coral-Mini uses a greatly reduced mime.types file it contains only commonly used types.  

The following provides a general overview how to configuring Apache to run CGI scripts. In order to run CGI programs Apache requires configuration directives to permit CGI execution. You can use one of the following methods to permit CGI execution

The '''ScriptAlias''' directive tells Apache that a particular directory is set aside for CGI programs. Apache now assumes every file in this directory is a CGI program. When a page from this folder is requested Apache will attempt to execute it using the appropriate program.

The directive defines a URL prefix (cgi-bin) that is mapped to a particular folder (directory). ScriptAlias informs Apache everything under that URL prefix will be considered a CGI program.

On hosted sites for security reasons CGI programs are restricted to ScriptAlias'ed folders. However you can run CGI programs from any folder. As an alternative to ScriptAlias you can use the Options directive, inside your main server configuration file, to specify that CGI execution is permitted in a particular directory.

Using '''.htaccess''' files allow you to set configuration directives on a per-directory basis. Apache looks in a folder from which it is serving for this file and applies the directives found. To enable the use of .htaccess files edit the Apache configuration files as follows:

Change or add the AllowOverride directive in a specific folder directive for example www as shown below:

If not already included add the following block of code to prevent .htaccess and .htpasswd files from being viewed by Web clients:

'''''Note'':''' All Uniform Servers have been pre-configured to allow the use of .htaccess files.

Using either of the above methods Apache will attempt to execute every file as a CGI script this includes files such as css and images. Clearly these are not CGI scripts and would produce errors when executed. To resolve this you need to inform the server what files are genuine CGI scripts using the AddHandler directive.

The above AddHandler directive informs the server to treat all files with a cgi, pl or vbs extension as CGI programs:

Tutorial examples require a test folder and .htaccess file.

*In folder MiniServer\www create a new folder '''vbs_test''' this will contain your tutorial scripts.

|If you have problems creating the .htaccess file copy the one from folder www.

Although tutorial examples specifically refer to the Coral-Mini Server they can be run on any Uniform Server that contains Apache 2.2.18 or above. Just create the test folder and add the .htaccess file described above.