Web Server Design Week 14 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 4/14/10

Common Gateway Interface A method for remotely invoking executable programs on a server –A long-time convention a.uiuc.edu/cgi/ a.uiuc.edu/cgi/ –finally defined in RFC 3875 client server GET /foo.cgi HTTP/1.1 foo.cgi 200 OK

CGI Invocation How Apache does it: – We’ll live slightly more dangerously: –any executable (non-directory) file can be invoked as CGI with: POST GET w/ query string –e.g. /a/b/c.cgi?var1=foo&var2=bar

CGI Operation The CGI program is responsible for returning (on STDOUT) some combination of its own headers: –Content-type –Location –Status –and other locally-defined headers Script-returned headers are: –collected by the server –processed; e.g.: “Location” -> HTTP/ Found Status -> HTTP response code line –combined with the server’s headers Resulting headers are returned to the client

Status % more status.cgi #!/usr/bin/perl print "Status: 678 This is not a real HTTP status code\n\n"; mk$ telnet 80 Trying Connected to xenon.cs.odu.edu. Escape character is '^]'. GET /~mklein/teaching/cs595-s10/cgi/status.cgi HTTP/1.1 Host: Connection: close HTTP/ This is not a real HTTP status code Date: Wed, 14 Apr :55:05 GMT Server: Apache/ (Unix) DAV/2 PHP/ Content-Length: 0 Connection: close Content-Type: text/plain Connection closed by foreign host.

Location % more location.cgi #!/usr/bin/perl print "Location: mk$ telnet 80 Trying Connected to xenon.cs.odu.edu. Escape character is '^]'. GET /~mklein/teaching/cs595-s10/cgi/location.cgi HTTP/1.1 Host: Connection: close HTTP/ Found Date: Wed, 14 Apr :58:01 GMT Server: Apache/ (Unix) DAV/2 PHP/ Location: Content-Length: 309 Connection: close Content-Type: text/html; charset=iso Found Found The document has moved here. Apache/ (Unix) DAV/2 PHP/ Server at Port 80 Connection closed by foreign host.

Content-type % more ls.cgi #!/usr/bin/perl print "Content-type: text/plain\n\n"; $ls = `ls -alR`; print "$ls\n"; mk$ telnet 80 Trying Connected to xenon.cs.odu.edu. Escape character is '^]'. HEAD /~mklein/teaching/cs595-s10/cgi/ls.cgi HTTP/1.1 Host: Connection: close HTTP/ OK Date: Wed, 14 Apr :01:57 GMT Server: Apache/ (Unix) DAV/2 PHP/ Connection: close Content-Type: text/plain Connection closed by foreign host.

CGI Environment Section 4.1, RFC 3875 –AUTH_TYPE, CONTENT_LENGTH, CONTENT_TYPE, GATEWAY_INTERFACE, PATH_INFO, PATH_TRANSLATED, QUERY_STRING, REMOTE_ADDR, REMOTE_HOST, REMOTE_IDENT, REMOTE_USER, REQUEST_METHOD, SCRIPT_NAME, SERVER_NAME, SERVER_PORT, SERVER_PROTOCOL, SERVER_SOFTWARE In practice, slightly different: –

How to Customize the Environment? C: –fork() & execve() Perl: –set %ENV –fork() & exec() Python: –set %ENV –fork () & execve() Others??? –please share w/ the list

ENV & CGI Examples #!/usr/bin/perl print "Content-type: text/html\n\n"; foreach $key (keys (%ENV)) { print "$key = $ENV{$key} \n"; } while ( ) { print "$_ \n"; } {GET, POST} X {multipart/form-data, application/x-form-www-urlencoded}

Advanced Topics: “Soft 404s” foo.edu/lookup.php?key= what http status code do you return if: –script “lookup.php” exists and has no syntax errors –but key is deleted or invalid Semantic events: –http –database - bad key reading: –“Sic Transit Gloria Telae: Towards an Understanding of the Web’s Decay”