CSC
CRIPTOGRAFIE ȘI SECURITATE CIBERNETICĂ
Laborator
6. Securitatea comunicațiilor web
Apache httpd : Use CGI Scripts
|
Use CGI (Common Gateway Interface) Scripts.
|
|
[1] | By default, CGI is allowed under the [/var/www/cgi-bin] directory. It's possible to use CGI Scripts to put under the directory. All files under it are processed as CGI. |
# CGI is allowed under the directory [root@www ~]# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 252: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" # verify working to create test script # any languages are OK for CGI scripts (example below is Python3) [root@www ~]# echo '#!/usr/bin/python3' > /var/www/cgi-bin/index.cgi [root@www ~]# echo 'print("Content-type: text/html\n")' >> /var/www/cgi-bin/index.cgi [root@www ~]# echo 'print("CGI Script Test Page")' >> /var/www/cgi-bin/index.cgi [root@www ~]# chmod 755 /var/www/cgi-bin/index.cgi [root@www ~]# curl localhost/cgi-bin/index.cgi CGI Script Test Page |
[2] | If you'd like to allow CGI in other directories, configure like follows. For example, allow in [/var/www/html/cgi-enabled]. |
[root@www ~]#
vi /etc/httpd/conf.d/cgi-enabled.conf # create new # specify extension that are processed as CGI on [AddHandler cgi-script] line <Directory "/var/www/html/cgi-enabled"> Options +ExecCGI AddHandler cgi-script .cgi .pl .py .rb </Directory> mkdir /var/www/html/cgi-enabled [root@www ~]# systemctl restart httpd |
[3] | If SELinux is enabled and also enable CGI except default location like above, add rules like follows. |
[root@www ~]# semanage fcontext -a -t httpd_sys_script_exec_t /var/www/html/cgi-enabled [root@www ~]# restorecon /var/www/html/cgi-enabled
|
[4] | Create a CGI test page and access to it from any client computer with web browser. |
[root@www ~]#
vi /var/www/html/cgi-enabled/index.cgi #!/usr/bin/python3 print("Content-type: text/html\n") print("<html>\n<body>") print("<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">") print("CGI Script Test Page") print("</div>") print("</body>\n</html>") chmod 755 /var/www/html/cgi-enabled/index.cgi |
...