Forum

I have:

VirtualHost {
        Hostname = www.my-domain.com
        WebsiteRoot = /var/www/hiawatha/my-domain.com/htdocs
        FollowSymlinks = yes
        ExecuteCGI = yes
        StartFile = index.html
        AccessLogfile = /var/www/hiawatha/my-domain.com/log/access.log
        ErrorLogfile = /var/www/hiawatha/my-domain.com/log/error.log
        TimeForCGI = 5
}

So the directory tree is:

/var/www/hiawatha/my-domain.com/htdocs/ => for html files

/var/www/hiawatha/my-domain.com/cgi-bin/ => for all cgi scripts

or should cgi-bin go under /htdocs/?

anyway, I keep getting a 404. TIA....

CGI scripts can be placed in the same directory as your HTML files.

Cool! Just tried _that_ - works great! Thanks.

But what if I want to segregate all CGI scripts into cgi-bin/ - how do I tell Hiawatha to go find them _there_? My guess would be:

Directory { 
       Path =  whatever/cgi-bin
       ExecuteCGI = yes
}

Is that correct?

Guess you could use URL rewrite perhaps?
^.*/(s+).cgi/(.*)$ Rewrite /cgi-bin/$1.cgi/$2
I'm don't have much experience with regular expression so the above will probably have to be adjusted

Why do you want to have CGI's in a cgi-bin directory??

Just the way I've always done it with Apache. Force of habit. More secure? I don't know! I guess that I could symlink to a cgi-bin/ directory somewhere in $HOME.

If you want to do it properly, then cgi-bin should be an alias to a centralized directory. In the old days, not many people knew how to write a CGI script. So, a system administrator wrote some simple form handling CGI scripts for them and placed those in a centralized directory. In every website configuration. he created an alias called cgi-bin which pointed to that centralized directory.

Creating a cgi-bin directory inside the website directory is just a misunderstanding of what the cgi-bin directory was for and adds nothing to security.

Maybe it would save a lot of time if you could give us a detailed example of how to set up the proper directories for the html and script files for:

1. a local Hiawatha server for testing purposes

2. a remote Hiawatha production server

I'm confused because you just said, "If you want to do it properly, then cgi-bin should be an alias to a centralized directory", but a couple of days ago you said, "CGI scripts can be placed in the same directory as your HTML files."

Which is it

Thanks!

In the old days, the cgi-bin directory was a directory in which a system administrator placed scripts that users could use to process webforms. This was done because those users lacked the knowledge to create such scripts themselves. The system administrator placed a symlink in every website to that directory so users could actually use those scripts. That was then.

These days, many users are able to create those scripts themselves via, for example, PHP. So, for those users a cgi-bin directory is no longer necessary. Those users can simply create those scripts and placed them along the HTML files and images in the same directory. Placing the CGI scripts in a cgi-bin directory inside the website directory is weird. It adds nothing to security, usability or anything. Although many people still do it, it's just a misunderstanding of what the cgi-bin directory used to be for.

However, if you still want to use a cgi-bin directory, do it properly and make it a centralized directory to which you create an alias in every website. Only do it for users who don't know how to write a CGI script but want to have a, for example, contact form on their website.

If your webserver is only to be used by you (which I guess is the case), forget this whole cgi-bin directory thing and simply place all website stuff in one directory. You can of course place, for example, images in a subdirectory, but that's another thing.

"In the old days"? What the hell is all that about?

Here's what Apache.org has to say, at: http://httpd.apache.org/docs/current/mod/mod_alias.html#scriptalias



How is Hiawatha different that the above Apache quote would not be valid? Or are you saying the same thing?

The source code can only be revealed if the CGI settings in hiawatha.conf are changed. Placing the CGI's in an alias directory doesn't prevent revealing the source code. Not in Hiawatha, not in Apache. What the Apache website is saying doesn't make sense.

--
dukeofperl@ml1.net

And that means....?

Ever since the "old days", it seems that Apache.org has been the de facto authority concerning web servers and the HTTP protocol. And now to find out that they've been full of shit all these years. WTF...
--
dukeofperl@ml1.net

Apache and being 'de facto'... Read about the HTTP PUT method and then take a look about how Apache has it implemented... not the same. Look at PHP's configfile php.ini and look at the comments for the cgi.rfc2616_headers setting. It says that Apache requires that PHP does not send RFC2615 compliant HTTP headers... nice.

I hear you!
The world has to be informed of this Hugo!
All those poor mis-guided souls who persist on using Apache, must be re-educated.
Maybe Geert Wilders can help! =D