RHEL6 – Stage an Apache CGI Executable

WagontrainIn the world of an Apache Webserver, a CGI script ( or Common Gateway Interface script), are programs or scripts that are designed to accept and return dynamic content. CGI scripts are the simplest, and therefore the most common way to use dynamic web content. CGI scripts are usually given the extension .cgi.

In this exercise we have a perl script called hello.cgi that we are going to use for testing. This script will be dropped into our ScriptAlias directory that we are going to configure below.

Configure the Script Alias Directory

In order for Apache to permit cgi

First think that you need to do is add or configure a ScriptAlias directive in /etc/httpd/conf/httpd.conf.  You are given this one by default ….

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

 

and if you are using Apache as its configured out of the box then you are ok to just drop your cgi-scripts in here. However, just to make things a bit harder, I am running named-based virtual hosts with custom Document Root directories. So my config looks more like this. Note that each of the lines below are in a seperate VirtualHost stanza.

   ScriptAlias /cgi-bin/ "/www2/cgi-bin"
   ScriptAlias /cgi-bin/ "/www3/cgi-bin"

 

Configuring SELinux

Ok so now we need to configure SELinux to allow access to the cgi script. This means changing the context on the cgi directory itself, which in our case is  /www2/cgi.

Use the semanage command to select and  set the correct context on /www2/cgi, as shown below

# semanage fcontext -a -t httpd_sys_script_exec_t '/www2/cgi(/.*)?'

then

# restorecon -vvFR /www2/cgi

Now restart Apache and attempt to access your script

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s