mod_cgi.html.en 18.4 KB
Newer Older
powelld's avatar
powelld committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
<!--
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
              This file is generated from xml source: DO NOT EDIT
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      -->
<title>mod_cgi - Apache HTTP Server Version 2.4</title>
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
<script src="../style/scripts/prettify.min.js" type="text/javascript">
</script>

<link href="../images/favicon.ico" rel="shortcut icon" /></head>
<body>
<div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.4</p>
<img alt="" src="../images/feather.png" /></div>
<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
<div id="path">
<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Modules</a></div>
<div id="page-content">
<div id="preamble"><h1>Apache Module mod_cgi</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="../en/mod/mod_cgi.html" title="English">&nbsp;en&nbsp;</a> |
<a href="../fr/mod/mod_cgi.html" hreflang="fr" rel="alternate" title="Franais">&nbsp;fr&nbsp;</a> |
<a href="../ja/mod/mod_cgi.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
<a href="../ko/mod/mod_cgi.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Execution of CGI scripts</td></tr>
<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">ModuleIdentifier:</a></th><td>cgi_module</td></tr>
<tr><th><a href="module-dict.html#SourceFile">SourceFile:</a></th><td>mod_cgi.c</td></tr></table>
<h3>Summary</h3>

    <p>Any file that has the handler
    <code>cgi-script</code> will be treated
    as a CGI script, and run by the server, with its output being
    returned to the client. Files acquire this handler either by
    having a name containing an extension defined by the
    <code class="directive"><a href="../mod/mod_mime.html#addhandler">AddHandler</a></code> directive, or by being
    in a <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>
    directory.</p>

    <p>For an introduction to using CGI scripts with Apache, see
    our tutorial on <a href="../howto/cgi.html">Dynamic Content
    With CGI</a>.</p>

    <p>When using a multi-threaded MPM under unix, the module
    <code class="module"><a href="../mod/mod_cgid.html">mod_cgid</a></code> should be used in place of
    this module. At the user level, the two modules are essentially
    identical.</p>

    <p>For backward-compatibility, the cgi-script handler will also be activated
    for any file with the mime-type <code>application/x-httpd-cgi</code>. The
    use of the magic mime-type is deprecated.</p>
</div>
<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="../images/down.gif" /> <a href="#env">CGI Environment variables</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cgi-debug">CGI Debugging</a></li>
</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#scriptlog">ScriptLog</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#scriptlogbuffer">ScriptLogBuffer</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#scriptloglength">ScriptLogLength</a></li>
</ul>
<h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&amp;list_id=144532&amp;product=Apache%20httpd-2&amp;query_format=specific&amp;order=changeddate%20DESC%2Cpriority%2Cbug_severity&amp;component=mod_cgi">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&amp;component=mod_cgi">Report a bug</a></li></ul><h3>See also</h3>
<ul class="seealso">
<li><code class="directive"><a href="../mod/core.html#acceptpathinfo">AcceptPathInfo</a></code></li>
<li><code class="directive"><a href="../mod/core.html#options">Options</a></code> ExecCGI</li>
<li><code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code></li>
<li><code class="directive"><a href="../mod/mod_mime.html#addhandler">AddHandler</a></code></li>
<li><a href="../suexec.html">Running CGI programs under different
    user IDs</a></li>
<li><a href="http://www.ietf.org/rfc/rfc3875">CGI Specification</a></li>
<li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="env" id="env">CGI Environment variables</a></h2>
    <p>The server will set the CGI environment variables as described
    in the <a href="http://www.ietf.org/rfc/rfc3875">CGI specification</a>,
    with the following provisions:</p>

    <dl>
      <dt>PATH_INFO</dt>

      <dd>This will not be available if the <code class="directive"><a href="../mod/core.html#acceptpathinfo">AcceptPathInfo</a></code> directive is explicitly set to
      <code>off</code>.  The default behavior, if <code class="directive">AcceptPathInfo</code> is not given, is that <code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code> will accept path info (trailing <code>
      /more/path/info</code> following the script filename in the URI),
      while the core server will return a 404 NOT FOUND error for requests
      with additional path info. Omitting the <code class="directive">AcceptPathInfo</code> directive has the same effect as setting
      it <code>On</code> for <code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code> requests.</dd>

      <dt>REMOTE_HOST</dt>

      <dd>This will only be set if <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> is set to <code>on</code> (it
      is off by default), and if a reverse DNS lookup of the accessing
      host's address indeed finds a host name.</dd>

      <dt>REMOTE_IDENT</dt>

      <dd>This will only be set if <code class="directive"><a href="../mod/mod_ident.html#identitycheck">IdentityCheck</a></code> is set to
      <code>on</code> and the accessing host supports the ident
      protocol. Note that the contents of this variable cannot be
      relied upon because it can easily be faked, and if there is a
      proxy between the client and the server, it is usually
      totally useless.</dd>

      <dt>REMOTE_USER</dt>

      <dd>This will only be set if the CGI script is subject to
      authentication.</dd>

    </dl>
    <p>This module also leverages the core functions 
       <a href="https://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__SCRIPT.html#ga0e81f9571a8a73f5da0e89e1f46d34b1">ap_add_common_vars</a> and 
       <a href="https://ci.apache.org/projects/httpd/trunk/doxygen/group__APACHE__CORE__SCRIPT.html#ga6b975cd7ff27a338cb8752381a4cc14f">ap_add_cgi_vars</a> 
       to add environment variables like:</p> 
       <dl>
           <dt>DOCUMENT_ROOT</dt>

           <dd>Set with the content of the related <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> directive.</dd>

           <dt>SERVER_NAME</dt>

           <dd>The fully qualified domain name related to the request.</dd>

           <dt>SERVER_ADDR</dt>

           <dd>The IP address of the Virtual Host serving the request.</dd>

           <dt>SERVER_ADMIN</dt>

           <dd>Set with the content of the related <code class="directive"><a href="../mod/core.html#serveradmin">ServerAdmin</a></code> directive.</dd>
      </dl>
    <p>For an exhaustive list it is suggested to write a basic CGI script 
       that dumps all the environment variables passed by Apache in a convenient format.
    </p>   
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="cgi-debug" id="cgi-debug">CGI Debugging</a></h2>
    <p>Debugging CGI scripts has traditionally been difficult, mainly
    because it has not been possible to study the output (standard
    output and error) for scripts which are failing to run
    properly. These directives provide more detailed logging of errors
    when they occur.</p>

    <h3>CGI Logfile Format</h3>
      <p>When configured, the CGI error log logs any CGI which does not
      execute properly. Each CGI script which fails to operate causes
      several lines of information to be logged. The first two lines
      are always of the format:</p>

      <div class="example"><p><code>
        %% [<var>time</var>] <var>request-line</var><br />
        %% <var>HTTP-status</var> <var>CGI-script-filename</var>
      </code></p></div>

      <p>If the error is that CGI script cannot be run, the log file
      will contain an extra two lines:</p>

      <div class="example"><p><code>
        %%error<br />
        <var>error-message</var>
      </code></p></div>

      <p>Alternatively, if the error is the result of the script
      returning incorrect header information (often due to a bug in
      the script), the following information is logged:</p>

      <div class="example"><p><code>
        %request<br />
        <var>All HTTP request headers received</var><br />
        <var>POST or PUT entity (if any)</var><br />
        %response<br />
        <var>All headers output by the CGI script</var><br />
        %stdout<br />
        <var>CGI standard output</var><br />
        %stderr<br />
        <var>CGI standard error</var><br />
      </code></p></div>

      <p>(The %stdout and %stderr parts may be missing if the script did
      not output anything on standard output or standard error).</p>
    
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ScriptLog" id="ScriptLog">ScriptLog</a> <a name="scriptlog" id="scriptlog">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Location of the CGI script error logfile</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ScriptLog <var>file-path</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>, <code class="module"><a href="../mod/mod_cgid.html">mod_cgid</a></code></td></tr>
</table>
    <p>The <code class="directive">ScriptLog</code> directive sets the CGI
    script error logfile. If no <code class="directive">ScriptLog</code> is given,
    no error log is created. If given, any CGI errors are logged into the
    filename given as argument. If this is a relative file or path it is
    taken relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.
    </p>

    <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">ScriptLog logs/cgi_log</pre>
</div>

    <p>This log will be opened as the user the child processes run
    as, <em>i.e.</em> the user specified in the main <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> directive. This means that
    either the directory the script log is in needs to be writable
    by that user or the file needs to be manually created and set
    to be writable by that user. If you place the script log in
    your main logs directory, do <strong>NOT</strong> change the
    directory permissions to make it writable by the user the child
    processes run as.</p>

    <p>Note that script logging is meant to be a debugging feature
    when writing CGI scripts, and is not meant to be activated
    continuously on running servers. It is not optimized for speed
    or efficiency, and may have security problems if used in a
    manner other than that for which it was designed.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ScriptLogBuffer" id="ScriptLogBuffer">ScriptLogBuffer</a> <a name="scriptlogbuffer" id="scriptlogbuffer">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximum amount of PUT or POST requests that will be recorded
in the scriptlog</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ScriptLogBuffer <var>bytes</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ScriptLogBuffer 1024</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>, <code class="module"><a href="../mod/mod_cgid.html">mod_cgid</a></code></td></tr>
</table>
    <p>The size of any PUT or POST entity body that is logged to
    the file is limited, to prevent the log file growing too big
    too quickly if large bodies are being received. By default, up
    to 1024 bytes are logged, but this can be changed with this
    directive.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ScriptLogLength" id="ScriptLogLength">ScriptLogLength</a> <a name="scriptloglength" id="scriptloglength">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Size limit of the CGI script logfile</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ScriptLogLength <var>bytes</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>ScriptLogLength 10385760</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code>, <code class="module"><a href="../mod/mod_cgid.html">mod_cgid</a></code></td></tr>
</table>
    <p><code class="directive">ScriptLogLength</code> can be used to limit the
    size of the CGI script logfile. Since the logfile logs a lot of
    information per CGI error (all request headers, all script output)
    it can grow to be a big file. To prevent problems due to unbounded
    growth, this directive can be used to set an maximum file-size for
    the CGI logfile. If the file exceeds this size, no more
    information will be written to it.</p>

</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_cgi.html" title="English">&nbsp;en&nbsp;</a> |
<a href="../fr/mod/mod_cgi.html" hreflang="fr" rel="alternate" title="Franais">&nbsp;fr&nbsp;</a> |
<a href="../ja/mod/mod_cgi.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
<a href="../ko/mod/mod_cgi.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
<script type="text/javascript"><!--//--><![CDATA[//><!--
var comments_shortname = 'httpd';
var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_cgi.html';
(function(w, d) {
    if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
        d.write('<div id="comments_thread"><\/div>');
        var s = d.createElement('script');
        s.type = 'text/javascript';
        s.async = true;
        s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
        (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
    }
    else { 
        d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
    }
})(window, document);
//--><!]]></script></div><div id="footer">
<p class="apache">Copyright 2017 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
if (typeof(prettyPrint) !== 'undefined') {
    prettyPrint();
}
//--><!]]></script>
</body></html>