Running scripts outside of the cgi-bin


  • Applies to: Grid
    • Difficulty: Medium
    • Time: 20
    • Tools needed: FTP, plain text editor or SSH, vi knowledge
  • Applies to: DV
    • Difficulty: Medium-Hard
    • Time: 20
    • Tools needed: SSH, vi knowledge

Overview

This article describes how to execute scripts outside of your cgi-bin using a .htaccess file.

You will be able to execute CGI scripts outside of your cgi-bin. Enabling this in a web-accessible directory is slightly more insecure than limiting script execution to the cgi-bin, because if a malicious script is ever uploaded to your server, it will be more easily able to be executed.

Requirements

Before you start, you'll need:

READ ME FIRST

This article is provided as a courtesy. Installing, configuring, and troubleshooting third-party applications is outside the scope of support provided by (mt) Media Temple. Please take a moment to review the Statement of Support.

READ ME FIRST

This article is provided as a courtesy. Installing, configuring, and troubleshooting third-party applications is outside the scope of support provided by (mt) Media Temple. Please take a moment to review the Statement of Support.

Instructions

Add the following lines to your .htaccess.htaccess file:

Filename: .htaccess

AddHandler cgi-script .cgi .pl

Options +ExecCGI

Then, upload the .htaccess file to the directory in which you want to enable CGI script execution, via FTPFTP. For more information on creating and uploading .htaccess files, please see: Using .htaccess filesUsing .htaccess files.

NOTE:

You can add any file extension to the AddHandler line in your .htaccess file. The example is for CGI and Perl scripts.

If you are using this directive in your existing cgi-bin directory, the above line alone will also work.

Enable server-wide execution

You can enable server-wide processing of cgi scripts. Note that this will make your server more vulnerable if you get hacked. To do this, uncomment the cgi-script AddHandler directive in the main Apache configuration file, /etc/httpd/conf/httpd.conf.

  1. Connect to your server as root or a sudo user via SSH.
  2. Open the httpd.conf file for editing:
    vi /etc/httpd/conf/httpd.conf

    vi tip:

    Press i to enter insert mode so you can type and copy/paste. Use the arrow keys to navigate. Press the Esc key to exit insert mode when you are done modifying the file. Type :wq to save and quit.

  3. Locate this line:

    Filename: httpd.conf

    #AddHandler cgi-script .cgi

    Remove the # so that it looks like this:

    Filename: httpd.conf

    AddHandler cgi-script .cgi
  4. Restart Apache with the following command:
    /etc/rc.d/init.d/httpd restart

That's it. You should now be able to execute cgi scripts anywhere on the server.

vhost.conf

You can also modify your vhost.conf file to allow execution of cgi scripts on a per-domain basis. This allows execution of cgi scripts in the httpdocs directory for a particular domain.

  1. Connect to your server as root or a sudo user via SSH.
  2. Create or edit your vhost.conf file:
    vi /var/www/example.com/conf/vhost.conf/

    vi tip:

    Press i to enter insert mode so you can type and copy/paste. Use the arrow keys to navigate. Press the Esc key to exit insert mode when you are done modifying the file. Type :wq to save and quit.

  3. Add the following lines to the file and save your changes:

    Filename: vhost.conf

    <Directory /var/www/vhosts/example.com/httpdocs>
    <Files ~ (\.cgi$)>
    SetHandler cgi-script
    Options ExecCGI
    allow from all
    </Files>
    </Directory>
    

    NOTE:

    Replace example.com with your domain name. If this is an additional domain on the same webspace or subscription, replace example.com for the root directory for the additional domain. The default directory for an additional domain in this example is site1, see Figure 1 below.


    Figure 1.

  4. Run the following command to reload your Apache configuration files:
    /usr/local/psa/admin/sbin/httpdmng --reconfigure-all

See also

For more information about your vhost.conf file in general, and this specific issue, see: