Web Server Design

Week 14

Old Dominion UniversityDepartment of Computer Science

CS 495/595 Spring 2010

Martin Klein <mklein@cs.odu.edu>

4/14/10

Common Gateway Interface

• A method for remotely invoking executable programs on a server– A long-time convention

• http://web.archive.org/web/20071023072800/http://hoohoo.ncsa.uiuc.edu/cgi/

– finally defined in RFC 3875

client serverGET /foo.cgi HTTP/1.1

foo.cgi200 OK

CGI Invocation

• How Apache does it:– http://httpd.apache.org/docs/2.0/mod/mod_cgi.html

• We’ll live slightly more dangerously:– any executable (non-directory) file can be invoked as CGI with:•POST•GET w/ query string

– e.g. /a/b/c.cgi?var1=foo&var2=bar

CGI Operation• The CGI program is responsible for returning (on STDOUT) some combination of its own headers:– Content-type– Location– Status– and other locally-defined headers

• Script-returned headers are:– collected by the server– processed; e.g.:

• “Location” -> HTTP/1.1 302 Found• Status -> HTTP response code line

– combined with the server’s headers

• Resulting headers are returned to the client

Status% more status.cgi #!/usr/bin/perl

print "Status: 678 This is not a real HTTP status code\n\n";

mk$ telnet www.cs.odu.edu 80Trying 128.82.4.2...Connected to xenon.cs.odu.edu.Escape character is '^]'.GET /~mklein/teaching/cs595-s10/cgi/status.cgi HTTP/1.1Host: www.cs.odu.edu Connection: close

HTTP/1.1 678 This is not a real HTTP status codeDate: Wed, 14 Apr 2010 13:55:05 GMTServer: Apache/2.2.14 (Unix) DAV/2 PHP/5.2.11Content-Length: 0Connection: closeContent-Type: text/plain

Connection closed by foreign host.

Location% more location.cgi #!/usr/bin/perl

print "Location: http://www.cs.odu.edu/~mklein/\n\n";

mk$ telnet www.cs.odu.edu 80Trying 128.82.4.2...Connected to xenon.cs.odu.edu.Escape character is '^]'.GET /~mklein/teaching/cs595-s10/cgi/location.cgi HTTP/1.1Host: www.cs.odu.edu Connection: close

HTTP/1.1 302 FoundDate: Wed, 14 Apr 2010 13:58:01 GMTServer: Apache/2.2.14 (Unix) DAV/2 PHP/5.2.11Location: http://www.cs.odu.edu/~mklein/Content-Length: 309Connection: closeContent-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://www.cs.odu.edu/~mklein/">here</a>.</p><hr><address>Apache/2.2.14 (Unix) DAV/2 PHP/5.2.11 Server at www.cs.odu.edu Port 80</address></body></html>Connection closed by foreign host.

Content-type% more ls.cgi#!/usr/bin/perl

print "Content-type: text/plain\n\n";

$ls = `ls -alR`;

print "$ls\n";

mk$ telnet www.cs.odu.edu 80Trying 128.82.4.2...Connected to xenon.cs.odu.edu.Escape character is '^]'.HEAD /~mklein/teaching/cs595-s10/cgi/ls.cgi HTTP/1.1Host: www.cs.odu.edu Connection: close

HTTP/1.1 200 OKDate: Wed, 14 Apr 2010 14:01:57 GMTServer: Apache/2.2.14 (Unix) DAV/2 PHP/5.2.11Connection: closeContent-Type: text/plain

Connection closed by foreign host.

CGI Environment

• Section 4.1, RFC 3875– AUTH_TYPE, CONTENT_LENGTH, CONTENT_TYPE, GATEWAY_INTERFACE, PATH_INFO, PATH_TRANSLATED, QUERY_STRING, REMOTE_ADDR, REMOTE_HOST, REMOTE_IDENT, REMOTE_USER, REQUEST_METHOD, SCRIPT_NAME, SERVER_NAME, SERVER_PORT, SERVER_PROTOCOL, SERVER_SOFTWARE

• In practice, slightly different:– http://www.cs.odu.edu/~mklein/teaching/cs595-s10/

cgi/env.cgi

How to Customize the Environment?

• C:– fork() & execve()

• Perl:– set %ENV– fork() & exec()

• Python:– set %ENV– fork () & execve()

• Others???– please share w/ the list

ENV & CGI Examples#!/usr/bin/perl

print "Content-type: text/html\n\n";

foreach $key (keys (%ENV)) {

print "$key = $ENV{$key} <br>\n";

}

while (<STDIN>) {

print "$_<br>\n";

}

http://www.cs.odu.edu/~mklein/teaching/cs595-s10/cgi/

{GET, POST} X {multipart/form-data, application/x-form-www-urlencoded}

Advanced Topics: “Soft 404s”

• foo.edu/lookup.php?key=123456• what http status code do you return if:

– script “lookup.php” exists and has no syntax errors

– but key 123456 is deleted or invalid

• Semantic events:– http - 200– database - bad key

• reading:– “Sic Transit Gloria Telae: Towards an Understanding of the Web’s Decay”• http://doi.acm.org/10.1145/988672.988716