Outline

„ CGI Overview „ Between Client and Handler Lecture 8: CGI „ Between Web Server and Handler (Common Gateway Interface )

Wendy Liu CSC309F – Fall 2007

1 2

Common Gateway Interface (CGI)

CGI Overview http://www.oreilly.com/openbook/cgi/ „ Access to dynamic server-side content „ Services „ Data

3 4

1 Components of the CGI Model CGI Interaction (1) „ Clients „ Web browsers „ Web server „ Mediates communication between browsers and handler programs „ CGI Protocol „ Specifies interaction between „ Browser and handler programs „ Function call syntax „ Web server and handler programs „ Handler programs (or CGI scripts) „ Client sends request with a URL+additional info „ Any executables residing on the web server „ Web server receives the request „ Can be written in any language „ Web server identifies the request as a CGI request „ C, C++, Perl, VB, Python, SmallTalk, Assembly, Lisp, etc. „ Web server locates the handler program 5 6

CGI Interaction (2) CGI Interaction (3)

„ Web server starts up the handling program „ Handler program executes „ Heavy weight process creation „ Output of the handler is sent to the Web server via stdout „ Output is typically a web page „ Web server feeds request parameters to handler „ Web server returns output to the requesting web browser „ Through stdin or environment variables

7 8

2 Handling CGI Process CGI Example in Perl #!/local/bin/perl print "Content-type: text/html\n\n"; Main Process Request for print "\n"; Child Process for CGI1 CGI1 print "\n";

Request for print "

hello

\n"; Child Process for CGI2 CGI2 print "\n";

Request for print "\n"; Child Process for CGI1 CGI1 „ In Web page

CGI-based Web Server Click to run CGI „ Cause the execution of the Perl script hello.pl

9 10

Client - Handler Interaction

„ Clients request the execution of a handler program by specifying „ A request method (e.g., GET, POST) Between Client and Handler „ Universal Resource Locator (URL) „ Locates the handler Indirect interaction „ Additional arguments „ Query string

11 12

3 Query String Encoding HTTP Methods

„ Query string is used to transmit data associated with „ GET a GET/POST request „ Query string attached to the URL after ‘?’ „ All arguments are packed into a single string „ As part of the URL „ Each argument is represented by a name-value pair as „ URL may have a length restriction on the server side „ name=value „ Arguments are separated by ampersand, & „ Limited amount of information can be passed „ name_1=value_1&name_2=value_2 „ Arguments appear in server logs „ Spaces in a name or value are replaced by a plus „ POST sign, + „ Query string encoded in the HTTP request body „ URLs cannot have spaces in them „ Not part of the URL „ Other characters (=, &, +) are replaced by a percent sign (%) followed by a two-digit hexadecimal value „ Arbitrarily long form data can be communicated „ Arguments usually do not appear in server logs

13 14

Forms Example: GET Forms Example: POST

„ On the Web page „ On the Web page

„ Request sent to web server „ Request sent to web server „ Assuming user enters: ‘abc’ and ‘123’ „ Assuming user enters: ‘abc’ and ‘123’ POST cgi-bin/login.pl HTTP/1.1 GET cgi-bin/login.pl?id=abc&password=123 HTTP/1.1 id=abc&password=123

15 16

4 Web Server - Handler Interaction

„ Information about a request comes from „ Request line „ Header line Between Web Server and Handler „ Request-body (POST) „ Handler input „ Environment variables „ stdin (request body) „ Handler output „ stdout

17 18

Environment Variables Example –Perl Script AUTH_TYPE REMOTE_IDENT #!/local/bin/perl print "Content-type: text/plain\n\n"; CONTENT_LENGTH REMOTE_USER print "Environment\n"; CONTENT_TYPE REQUEST_METHOD @keys = keys %ENV; # variable names GATEWAY_INTERFACE @values = values %ENV; # variable values SCRIPT_NAME while (@keys) { PATH_INFO SERVER_NAME print pop(@keys), '=', pop(@values), "\n"; PATH_TRANSLATED } SERVER_PORT QUERY_STRING $request_method = $ENV{'REQUEST_METHOD'}; SERVER_PROTOCOL if ($request_method eq "POST") { REMOTE_ADDR $formsize = $ENV{'CONTENT_LENGTH'}; REMOTE_HOST SERVER_SOFTWARE read (STDIN, $form_info, $formsize); print "\nSTDIN\n" print $form_info; }

19 20

5 Example – Web Page Example – GET Request HTTP/1.1 200 OK

GET

Date: Mon, 01 Oct 2007 23:17:56 GMT

Server: Apache/1.3.29 (Unix) Student Number:
Last-Modified: Wed, 12 Sep 2007 20:22:21 GMT Id:
Accept-Ranges: bytes Password:
Return Files:
Content-Length: 65

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive Content-Type: text/plain

POST

Environment Student Number:
SERVER_PORT=80 Id:
Password:
REQUEST_METHOD=GET Return Files:
…

QUERY_STRING=studentNum=a&id=b&password=234&returnFiles=on&submit

=Submit …

21 22

Example – POST Request Important Announcement HTTP/1.1 200 OK Date: Mon, 01 Oct 2007 23:17:56 GMT „ Tuesday Oct 16, 2007 Server: Apache/1.3.29 (Unix) Last-Modified: Wed, 12 Sep 2007 20:32:21 GMT „ 2-hr tutorial given in a CDF lab, BA3185 Accept-Ranges: bytes Content-Length: 65 „ Thursday Oct 18, 2007 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive „ Midterm, BA2195 Content-Type: text/plain „ Starting Tuesday Oct 23, 2007 Environment SERVER_PORT=80 „ The official lecture room will be BA2185 on each REQUEST_METHOD=POST … Tuesday until the end of term QUERY_STRING= „ No change to Thursdays’ classes (BA1240) … STDIN studentNum=a&id=b&password=234&returnFiles=on&submit=Submit

23 24

6