CSC
CRIPTOGRAFIE ȘI SECURITATE CIBERNETICĂ
Laborator
6. Securitatea comunicațiilor web
|
Apache httpd : Use CGI Scripts
|
|
Use CGI (Common Gateway Interface) Scripts.
|
|
| [1] | By default, CGI is allowed under the [/var/www/cgi-bin] directory. It's possible to use CGI Scripts to put under the directory. All files under it are processed as CGI. |
|
# CGI is allowed under the directory [root@www ~]# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 252: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" # verify working to create test script # any languages are OK for CGI scripts (example below is Python3) [root@www ~]# echo '#!/usr/bin/python3' > /var/www/cgi-bin/index.cgi [root@www ~]# echo 'print("Content-type: text/html\n")' >> /var/www/cgi-bin/index.cgi [root@www ~]# echo 'print("CGI Script Test Page")' >> /var/www/cgi-bin/index.cgi [root@www ~]# chmod 755 /var/www/cgi-bin/index.cgi [root@www ~]# curl localhost/cgi-bin/index.cgi CGI Script Test Page |
| [2] | If you'd like to allow CGI in other directories, configure like follows. For example, allow in [/var/www/html/cgi-enabled]. |
|
[root@www ~]#
vi /etc/httpd/conf.d/cgi-enabled.conf # create new # specify extension that are processed as CGI on [AddHandler cgi-script] line <Directory "/var/www/html/cgi-enabled">
Options +ExecCGI
AddHandler cgi-script .cgi .pl .py .rb
</Directory>
mkdir /var/www/html/cgi-enabled [root@www ~]# systemctl restart httpd |
| [3] | If SELinux is enabled and also enable CGI except default location like above, add rules like follows. |
|
[root@www ~]# semanage fcontext -a -t httpd_sys_script_exec_t /var/www/html/cgi-enabled [root@www ~]# restorecon /var/www/html/cgi-enabled
|
| [4] | Create a CGI test page and access to it from any client computer with web browser. |
|
[root@www ~]#
vi /var/www/html/cgi-enabled/index.cgi #!/usr/bin/python3
print("Content-type: text/html\n")
print("<html>\n<body>")
print("<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">")
print("CGI Script Test Page")
print("</div>")
print("</body>\n</html>")
chmod 755 /var/www/html/cgi-enabled/index.cgi |
|
...