2 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
3 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
4 <!-- $LastChangedRevision$ -->
7 Licensed to the Apache Software Foundation (ASF) under one or more
8 contributor license agreements. See the NOTICE file distributed with
9 this work for additional information regarding copyright ownership.
10 The ASF licenses this file to You under the Apache License, Version 2.0
11 (the "License"); you may not use this file except in compliance with
12 the License. You may obtain a copy of the License at
14 http://www.apache.org/licenses/LICENSE-2.0
16 Unless required by applicable law or agreed to in writing, software
17 distributed under the License is distributed on an "AS IS" BASIS,
18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 See the License for the specific language governing permissions and
20 limitations under the License.
23 <modulesynopsis metafile="mod_cgi.xml.meta">
26 <description>Execution of CGI scripts</description>
28 <sourcefile>mod_cgi.c</sourcefile>
29 <identifier>cgi_module</identifier>
32 <p>Any file that has the handler
33 <code>cgi-script</code> will be treated
34 as a CGI script, and run by the server, with its output being
35 returned to the client. Files acquire this handler either by
36 having a name containing an extension defined by the
37 <directive module="mod_mime">AddHandler</directive> directive, or by being
38 in a <directive module="mod_alias">ScriptAlias</directive>
41 <p>For an introduction to using CGI scripts with Apache, see
42 our tutorial on <a href="../howto/cgi.html">Dynamic Content
45 <p>When using a multi-threaded MPM under unix, the module
46 <module>mod_cgid</module> should be used in place of
47 this module. At the user level, the two modules are essentially
50 <p>For backward-compatibility, the cgi-script handler will also be activated
51 for any file with the mime-type <code>application/x-httpd-cgi</code>. The
52 use of the magic mime-type is deprecated.</p>
55 <seealso><directive module="core">AcceptPathInfo</directive></seealso>
56 <seealso><directive module="core">Options</directive> ExecCGI</seealso>
57 <seealso><directive module="mod_alias">ScriptAlias</directive></seealso>
58 <seealso><directive module="mod_mime">AddHandler</directive></seealso>
59 <seealso><a href="../suexec.html">Running CGI programs under different
60 user IDs</a></seealso>
61 <seealso><a href="http://www.ietf.org/rfc/rfc3875">CGI Specification</a></seealso>
63 <section id="env"><title>CGI Environment variables</title>
64 <p>The server will set the CGI environment variables as described
65 in the <a href="http://www.ietf.org/rfc/rfc3875">CGI specification</a>,
66 with the following provisions:</p>
71 <dd>This will not be available if the <directive module="core"
72 >AcceptPathInfo</directive> directive is explicitly set to
73 <code>off</code>. The default behavior, if <directive
74 >AcceptPathInfo</directive> is not given, is that <module
75 >mod_cgi</module> will accept path info (trailing <code>
76 /more/path/info</code> following the script filename in the URI),
77 while the core server will return a 404 NOT FOUND error for requests
78 with additional path info. Omitting the <directive
79 >AcceptPathInfo</directive> directive has the same effect as setting
80 it <code>On</code> for <module>mod_cgi</module> requests.</dd>
84 <dd>This will only be set if <directive module="core"
85 >HostnameLookups</directive> is set to <code>on</code> (it
86 is off by default), and if a reverse DNS lookup of the accessing
87 host's address indeed finds a host name.</dd>
91 <dd>This will only be set if <directive module="mod_ident"
92 >IdentityCheck</directive> is set to
93 <code>on</code> and the accessing host supports the ident
94 protocol. Note that the contents of this variable cannot be
95 relied upon because it can easily be faked, and if there is a
96 proxy between the client and the server, it is usually
101 <dd>This will only be set if the CGI script is subject to
106 <section id="cgi-debug"><title>CGI Debugging</title>
107 <p>Debugging CGI scripts has traditionally been difficult, mainly
108 because it has not been possible to study the output (standard
109 output and error) for scripts which are failing to run
110 properly. These directives provide more detailed logging of errors
113 <section><title>CGI Logfile Format</title>
114 <p>When configured, the CGI error log logs any CGI which does not
115 execute properly. Each CGI script which fails to operate causes
116 several lines of information to be logged. The first two lines
117 are always of the format:</p>
120 %% [<var>time</var>] <var>request-line</var><br />
121 %% <var>HTTP-status</var> <var>CGI-script-filename</var>
124 <p>If the error is that CGI script cannot be run, the log file
125 will contain an extra two lines:</p>
129 <var>error-message</var>
132 <p>Alternatively, if the error is the result of the script
133 returning incorrect header information (often due to a bug in
134 the script), the following information is logged:</p>
138 <var>All HTTP request headers received</var><br />
139 <var>POST or PUT entity (if any)</var><br />
141 <var>All headers output by the CGI script</var><br />
143 <var>CGI standard output</var><br />
145 <var>CGI standard error</var><br />
148 <p>(The %stdout and %stderr parts may be missing if the script did
149 not output anything on standard output or standard error).</p>
154 <name>ScriptLog</name>
155 <description>Location of the CGI script error logfile</description>
156 <syntax>ScriptLog <var>file-path</var></syntax>
157 <contextlist><context>server config</context>
158 <context>virtual host</context></contextlist>
159 <modulelist><module>mod_cgi</module><module>mod_cgid</module>
163 <p>The <directive>ScriptLog</directive> directive sets the CGI
164 script error logfile. If no <directive>ScriptLog</directive> is given,
165 no error log is created. If given, any CGI errors are logged into the
166 filename given as argument. If this is a relative file or path it is
167 taken relative to the <directive module="core">ServerRoot</directive>.
170 <example><title>Example</title>
171 <highlight language="config">
172 ScriptLog logs/cgi_log
176 <p>This log will be opened as the user the child processes run
177 as, <em>i.e.</em> the user specified in the main <directive
178 module="mod_unixd">User</directive> directive. This means that
179 either the directory the script log is in needs to be writable
180 by that user or the file needs to be manually created and set
181 to be writable by that user. If you place the script log in
182 your main logs directory, do <strong>NOT</strong> change the
183 directory permissions to make it writable by the user the child
184 processes run as.</p>
186 <p>Note that script logging is meant to be a debugging feature
187 when writing CGI scripts, and is not meant to be activated
188 continuously on running servers. It is not optimized for speed
189 or efficiency, and may have security problems if used in a
190 manner other than that for which it was designed.</p>
195 <name>ScriptLogLength</name>
196 <description>Size limit of the CGI script logfile</description>
197 <syntax>ScriptLogLength <var>bytes</var></syntax>
198 <default>ScriptLogLength 10385760</default>
199 <contextlist><context>server config</context>
200 <context>virtual host</context></contextlist>
201 <modulelist><module>mod_cgi</module><module>mod_cgid</module>
205 <p><directive>ScriptLogLength</directive> can be used to limit the
206 size of the CGI script logfile. Since the logfile logs a lot of
207 information per CGI error (all request headers, all script output)
208 it can grow to be a big file. To prevent problems due to unbounded
209 growth, this directive can be used to set an maximum file-size for
210 the CGI logfile. If the file exceeds this size, no more
211 information will be written to it.</p>
216 <name>ScriptLogBuffer</name>
217 <description>Maximum amount of PUT or POST requests that will be recorded
218 in the scriptlog</description>
219 <syntax>ScriptLogBuffer <var>bytes</var></syntax>
220 <default>ScriptLogBuffer 1024</default>
221 <contextlist><context>server config</context>
222 <context>virtual host</context></contextlist>
223 <modulelist><module>mod_cgi</module><module>mod_cgid</module>
227 <p>The size of any PUT or POST entity body that is logged to
228 the file is limited, to prevent the log file growing too big
229 too quickly if large bodies are being received. By default, up
230 to 1024 bytes are logged, but this can be changed with this