
How to configure CGI-Wrapper?

Samiux
20 September 2009, 05:02


Hiawatha version: 6.17.1
Operating System: Ubuntu 9.04 Server

Does anybody know how to configure cgi-wrapper on Ubuntu 9.04?

I encountered three different problems when I tried to configure cgi-wrapper:
(1) 500 Internal Server Error
(2) 403 Forbidden
(3) shows the content of index.php

Can anyone point me in the right direction?

Samiux


Hugo Leisink
20 September 2009, 08:53
What does your error logfile say?

Is AppArmor still enabled on your system? If so, do you have the same problems when AppArmor is disabled for Hiawatha?


That the cgi-wrapper works is shown here: http://test.leisink.org/. Normally, the CGI programs are run with Hiawatha's user id, 33 in this case. In the test website, the CGIs are run with the user id of my account, id 1000.

Samiux
20 September 2009, 12:35
Hugo Leisink,

I changed AppArmor to complain mode. When I access my site, it gives me a 403 - Forbidden message and the following is the error.log entry.

Sun 20 Sep 2009 17:41:48 +0800|192.168.20.1|/var/uuh/index.php|CGI-wrapper: no valid Wrap found|CGI-wrapper: no valid CGIhandler found


The following are the configuration files.

cgi-wrapper.conf

# CGI wrapper configuration
#
# Use the 'newroot' tool to copy applications to a chroot directory.

# CGIhandler = /path/to/cgi-handler
#
CGIhandler = /usr/bin/perl
CGIhandler = /usr/bin/php5-cgi

#CGIhandler = /usr/bin/python
#CGIhandler = /usr/bin/ruby
#CGIhandler = /usr/bin/ssi-cgi

# Wrap = <wrap-id>;<cgiroot>;<userid>[:<group>]
#
#Wrap = nobody ; /var/www|nobody ; 65534:65534
#Wrap = somebody ; /var/www/site ; 1001:33,200,201
#Wrap = hugo ; ~hugo ; hugo

Wrap = jail ; /var/blog|www-data ; www-data:www-data


hiawatha.conf

# Hiawatha main configuration file
#

# GENERAL SETTINGS
#
ServerId = www-data
LogFormat = extended
ConnectionsTotal = 150
ConnectionsPerIP = 10
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log

CGIwrapper = /usr/sbin/cgi-wrapper

# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
    Port = 80
#   Interface = 127.0.0.1
    MaxKeepAlive = 30
    TimeForRequest = 3,20
}

# BANNING SETTINGS
# Deny service to clients who misbehave.
#
BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnMaxReqSize = 300
KickOnBan = yes
RebanDuringBan = yes

BanOnSQLi = 60
BanOnFlooding = 10/1:15
BanlistMask = allow 192.168.20.179

# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
CGIhandler = /usr/bin/perl:pl
CGIhandler = /usr/bin/php5-cgi:php

#CGIhandler = /usr/bin/python:py
#CGIhandler = /usr/bin/ruby:rb
#CGIhandler = /usr/bin/ssi-cgi:shtml
CGIextension = cgi
#
FastCGIserver {
    FastCGIid = PHP5
    ConnectTo = 127.0.0.1:2005
    Extension = php, php5
    SessionTimeout = 30
}

# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
Hostname = 127.0.0.1
WebsiteRoot = /var/www/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
#ErrorHandler = 404:/error.cgi

# VIRTUAL HOSTS
# Use a VirtualHost section to declare the websites you want to host.
#
VirtualHost {
    Hostname = www.samiux.com
    Alias = /hello_world:/usr/share/phpmyadmin
    WebsiteRoot = /var/blog
    StartFile = index.php
    AccessLogfile = /var/log/hiawatha/blog/access.log
    ErrorLogfile = /var/log/hiawatha/blog/error.log
    TimeForCGI = 5
#   UseFastCGI = PHP5
    ExecuteCGI = yes
#   PreventCMDi = yes
    PreventCSRF = yes
    PreventSQLi = yes
    PreventXSS = yes
    WrapCGI = jail
}


When I comment out the following lines in hiawatha.conf and leave the others unchanged, the content of index.php is displayed.

CGIhandler = /usr/bin/perl:pl
CGIhandler = /usr/bin/php5-cgi:php


I also tried to run newroot at /var/blog but with the same result.

cd /var/blog
sudo newroot /usr/bin/perl
sudo newroot /usr/bin/php5-cgi


What's wrong with my setting?

Samiux
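
Added example, not part of the thread and not Hiawatha's own code: a small Python cross-check of the two files posted above. It assumes, going by the two log messages, that the wrapper needs the virtual host's WrapCGI id to match a Wrap line and each handler path to appear in the CGIhandler list of cgi-wrapper.conf; the function names and the abridged sample input are constructed for illustration.

```python
def parse(text):
    """Parse 'Key = value' lines into a global block plus one block per 'Name { ... }' section."""
    blocks = [("global", [])]
    current = blocks[0][1]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if line.endswith("{"):
            blocks.append((line[:-1].strip().lower(), []))
            current = blocks[-1][1]
        elif line == "}":
            current = blocks[0][1]
        elif "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return blocks

def check(hiawatha_conf, wrapper_conf):
    """Return findings for wrapped vhosts that cgi-wrapper.conf does not cover (assumed rules)."""
    wrapper = parse(wrapper_conf)[0][1]
    allowed = {v for k, v in wrapper if k == "cgihandler"}
    wraps = {v.split(";")[0].strip() for k, v in wrapper if k == "wrap"}
    blocks = parse(hiawatha_conf)
    # hiawatha.conf lists handlers as <path>:<extension>; only the path is compared.
    handlers = {v.split(":")[0] for k, v in blocks[0][1] if k == "cgihandler"}
    findings = []
    for name, items in blocks[1:]:
        opts = dict(items)
        if name != "virtualhost" or "wrapcgi" not in opts:
            continue  # CGIs of this section are not run through the wrapper
        host = opts.get("hostname", "?")
        if opts["wrapcgi"] not in wraps:
            findings.append(f"{host}: WrapCGI id '{opts['wrapcgi']}' has no Wrap line")
        for path in sorted(handlers - allowed):
            findings.append(f"{host}: {path} missing from cgi-wrapper.conf CGIhandler list")
    return findings

# Sample input abridged from the configuration posted above.
WRAPPER_CONF = """
CGIhandler = /usr/bin/perl
CGIhandler = /usr/bin/php5-cgi
#Wrap = hugo ; ~hugo ; hugo
Wrap = jail ; /var/blog|www-data ; www-data:www-data
"""
HIAWATHA_CONF = """
CGIhandler = /usr/bin/perl:pl
CGIhandler = /usr/bin/php5-cgi:php
VirtualHost {
    Hostname = www.samiux.com
    WebsiteRoot = /var/blog
    ExecuteCGI = yes
    WrapCGI = jail
}
"""
if __name__ == "__main__":
    print(check(HIAWATHA_CONF, WRAPPER_CONF) or "WrapCGI id and handlers are consistent")
```

The posted settings pass both checks; the script does not interpret the cgiroot field of the Wrap line.
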

Hugo Leisink
20 September 2009, 14:11
Have you read these posts [www.hiawatha-webserver.org] already? Please note my post about the bug in cgi-wrapper.c.

Samiux
20 September 2009, 23:15
Hugo Leisink,

Sorry, I overlooked the post that you mentioned.

Finally, cgi-wrapper works. Thank you for your assistance.

Samiux

Hugo Leisink
20 September 2009, 23:28
Glad to hear that the problem is finally solved.
This topic has been closed.