In the world of an Apache Webserver, a CGI script ( or Common Gateway Interface script), are programs or scripts that are designed to accept and return dynamic content. CGI scripts are the simplest, and therefore the most common way to use dynamic web content. CGI scripts are usually given the extension .cgi.

In this exercise we have a perl script called hello.cgi that we are going to use for testing. This script will be dropped into our ScriptAlias directory that we are going to configure below.

Configure the Script Alias Directory

In order for Apache to permit cgi

First think that you need to do is add or configure a ScriptAlias directive in /etc/httpd/conf/httpd.conf.  You are given this one by default ….

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

 

and if you are using Apache as its configured out of the box then you are ok to just drop your cgi-scripts in here. However, just to make things a bit harder, I am running named-based virtual hosts with custom Document Root directories. So my config looks more like this. Note that each of the lines below are in a seperate VirtualHost stanza.

   ScriptAlias /cgi-bin/ "/www2/cgi-bin"
   ScriptAlias /cgi-bin/ "/www3/cgi-bin"

 

Configuring SELinux

Ok so now we need to configure SELinux to allow access to the cgi script. This means changing the context on the cgi directory itself, which in our case is  /www2/cgi.

Use the semanage command to select and  set the correct context on /www2/cgi, as shown below

# semanage fcontext -a -t httpd_sys_script_exec_t '/www2/cgi(/.*)?'

then

# restorecon -vvFR /www2/cgi

Now restart Apache and attempt to access your script