Tech Musings

Wednesday, March 21, 2007

OS X (10.3.9) Server and CGI with Virtual Hosts

OS X Server's initial set up is designed for webmasters to house all cgi scripts in /Library/WebServer/CGI-Executables/. This is fine, secure and works well unless your server plays host to multiple sites (virtual hosting). In this situation, it might behoove each site to have its own individual cgi bin (i.e. multiple cgi bins on the server) in order to execute scripts unique to each site's own environment. It took me half a morning to figure out how to configure OS X Server to function in this capacity, but I finally prevailed and here is how I did it.

To start, OS X Server includes a ScriptAlias directive /cgi-bin/ "/Library/WebServer/CGI-Executables/" in the main httpd.conf file (/etc/httpd/httpd.conf) which directs anything found in a cgi-bin folder anywhere on the hard drive to automatically redirect to /Library/WebServer/CGI-Executables/. Consequently, I commented out this directive in the main httpd.conf file so each virtual site could have its own unique cgi-bin directory.

#ScriptAlias /cgi-bin/ "/Library/WebServer/CGI-Executables/"

Enabling CGI Execution in OS 10.3 Server Settings Then, in Server Settings I checked the box to enable CGI Execution (under Options) for each virtual site. This added the -ExecCGI option to each site's host configuration file in /etc/httpd/sites/.


<~ Directory "/Library/WebServer/Documents/site_1" ~>
Options All +MultiViews -Indexes -Includes
-ExecCGI
<~ IfModule mod_dav.c ~>
DAV Off
<~ /IfModule ~>
AllowOverride All AuthConfig
<~ /Directory ~>


I thought this would do it, but soon discovered there was one more tiny little step. Between the directory tags inside the site config file, I needed to insert AddHandler cgi-script .cgi. I also added the .pl extension to the end of the line so scripts with a .pl (perl) extension would execute in addition to scripts with a .cgi extension. Basically, adding this line tells Apache that a .cgi or .pl script can be executed anywhere in the site, which could be deemed a security risk without careful consideration.

<~ Directory "/Library/WebServer/Documents/site_1" ~>
Options All +MultiViews -Indexes -Includes -ExecCGI
<~ IfModule mod_dav.c ~>
DAV Off
<~ /IfModule ~>
AllowOverride All AuthConfig
AddHandler cgi-script .cgi .pl
<~ /Directory ~>

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home