Common Gateway Interface

The Common Gateway Interface (CGI) is a standard (see RFC 3875: CGI Version 1.1) method for web servers software to delegate the generation of web pages to executable files. Such files are known as CGI scripts; they are programs, often stand-alone applications, usually written in a scripting language.

1 More details
2 Example
3 History
4 Drawbacks
- 4.1 Alternatives
5 See also
6 References
7 External links

More details

A web server that supports CGI can be configured to interpret a URL that it serves as a reference to CGI scripts. A common convention is to have a cgi-bin/ directory at the base of the directory tree and treat all executable files within it as CGI scripts. Another popular convention is to use filename extensions; for instance, if CGI scripts are consistently given the extension .cgi, the web server can be configured to interpret all such files as CGI scripts.

In the case of HTTP PUT or POSTs, the user-submitted data is provided to the program via the standard input. In any case, according to the CGI standard, data is passed into the program using certain, specific environment variables. This is in contrast to typical execution, where command-line arguments are used and the environment is in constant upheaval and cannot be trusted. The web server creates a small and efficient subset of the environment variables passed to it and adds details pertinent to the execution of the program.

Simple Example

The following CGI program shows all the environment variables passed by the web server:

 #!/usr/local/bin/perl
 ##
 ##  printenv—demo CGI program which just prints its environment
 ##
 #
 print "Content-type: text/plain\n\n";
 foreach $var (sort(keys(%ENV))) {
   $val = $ENV{$var};
   $val =~ s|\n|\\n|g;
   $val =~ s|"|\\"|g;
   print "${var}=\"${val}\"\n";
 }

If a web browser issues a request for the environment variables at http://example.com/cgi-bin/printenv.pl/foo/bar?var1=value1&var2=with%20percent%20encoding, a 64-bit Microsoft Windows web server running cygwin returns the following information:

COMSPEC="C:\Windows\system32\cmd.exe"
DOCUMENT_ROOT="C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"
GATEWAY_INTERFACE="CGI/1.1"
HOME="/home/SYSTEM"
HTTP_ACCEPT="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7"
HTTP_ACCEPT_ENCODING="gzip, deflate"
HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.5"
HTTP_CONNECTION="keep-alive"
HTTP_HOST="example.com"
HTTP_USER_AGENT="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
PATH="/home/SYSTEM/bin:/bin:/cygdrive/c/progra~2/php:/cygdrive/c/windows/system32:..."
PATHEXT=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
PATH_INFO="/foo/bar"
PATH_TRANSLATED="C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\foo\bar"
QUERY_STRING="var1=value1&var2=with%20percent%20encoding"
REMOTE_ADDR="127.0.0.1"
REMOTE_PORT="63555"
REQUEST_METHOD="GET"
REQUEST_URI="/cgi-bin/printenv.pl/foo/bar?var1=value1&var2=with%20percent%20encoding"
SCRIPT_FILENAME="C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin/printenv.pl"
SCRIPT_NAME="/cgi-bin/printenv.pl"
SERVER_ADDR="127.0.0.1"
SERVER_ADMIN="(server admin's email address)"
SERVER_NAME="127.0.0.1"
SERVER_PORT="80"
SERVER_PROTOCOL="HTTP/1.1"
SERVER_SIGNATURE=""
SERVER_SOFTWARE="Apache/2.2.19 (Win32) PHP/5.2.17"
SYSTEMROOT="C:\Windows"
TERM="cygwin"
WINDIR="C:\Windows"

From the environment, we see that the web browser is Firefox running on a Windows 7 PC, the web server is Apache running on a system which emulates Unix, and the CGI script is named cgi-bin/printenv.pl.

The program could then generate any content, write that to its standard output, and the web server will transmit it to the browser.

Environment variables passed to a CGI program

Server specific variables:
- SERVER_SOFTWARE — name/version of HTTP server.
- SERVER_NAME — host name of the server, may be dot-decimal IP address.
- GATEWAY_INTERFACE — CGI/version.
Request specific variables:
- SERVER_PROTOCOL — HTTP/version.
- SERVER_PORT — TCP port (decimal).
- REQUEST_METHOD — name of HTTP method (see above).
- PATH_INFO — path suffix, if appended to URL after program name and a slash.
- PATH_TRANSLATED — corresponding full path as supposed by server, if PATH_INFO is present.
- SCRIPT_NAME — relative path to the program, like /cgi-bin/script.cgi.
- QUERY_STRING — the part of URL after ? character. May be composed of *name=value pairs separated with ampersands (such as var1=val1&var2=val2…) when used to submit form data transferred via GET method as defined by HTML application/x-www-form-urlencoded.
- REMOTE_HOST — host name of the client, unset if server did not perform such lookup.
- REMOTE_ADDR — IP address of the client (dot-decimal).
- AUTH_TYPE — identification type, if applicable.
- REMOTE_USER used for certain AUTH_TYPEs.
- REMOTE_IDENT — see ident, only if server performed such lookup.
- CONTENT_TYPE — MIME type of input data if PUT or POST method are used, as provided via HTTP header.
- CONTENT_LENGTH — similarly, size of input data (decimal, in octets) if provided via HTTP header.
- Variables passed by user agent (HTTP_ACCEPT, HTTP_ACCEPT_LANGUAGE, HTTP_USER_AGENT, HTTP_COOKIE and possibly others) contain values of corresponding HTTP headers and therefore have the same sense.

Output format

The program returns the result to the web server in the form of standard output, beginning with a header and a blank line.

The header is encoded in the same way as an HTTP header and must include the MIME type of the document returned.^[1] The headers, supplemented by the web server, are generally forwarded with the response back to the user.

Example

An example of a CGI program is one implementing a wiki. The user agent requests the name of an entry; the server retrieves the source of that entry's page (if one exists), transforms it into HTML, and sends the result.

History

In 1993, the World Wide Web (WWW) was small but booming. WWW software developers and web site developers kept in touch on the www-talk mailing list, so it was there that a standard for calling command line executables was agreed upon. Specifically mentioned in RFC 3875^[2] are the following contributors:

Rob McCool (author of the NCSA httpd web server)
John Franks (author of the GN web server)
Ari Luotonen (the developer of the CERN httpd web server)
Tony Sanders (author of the Plexus web server)
George Phillips (web server maintainer at the University of British Columbia)

The NCSA team wrote the specification,^[3] however, NCSA no longer hosts this.^[4]^[5] (A possible mirror of the original documentation is available.^[6]) The other web server developers adopted it, and it has been a standard for web servers ever since. Since its initial adoption an effort was mounted to get it published more formally which resulted in RFC 3875.

Drawbacks

Calling a command generally means the invocation of a newly created process on the server. Starting the process can consume much more time and memory than the actual work of generating the output, especially when the program still needs to be interpreted or compiled. If the command is called often, the resulting workload can quickly overwhelm the web server.

The overhead involved in interpretation may be reduced by using compiled CGI programs, such as those in C/C++, rather than using Perl or other scripting languages. The overhead involved in process creation can be reduced by solutions such as FastCGI, or by running the application code entirely within the web server using extension modules such as mod_php.

Alternatives

Several approaches can be adopted for remedying this:

The popular Web servers developed their own extension mechanisms that allows third-party software to run inside the web server itself, e.g. Apache modules, Netscape NSAPI plug-ins, IIS ISAPI plug-ins.
Simple Common Gateway Interface or SCGI
FastCGI allows a single, long-running process to handle more than one user request while keeping close to the CGI programming model, retaining the simplicity while eliminating the overhead of creating a new process for each request. Unlike converting an application to a web server plug-in, FastCGI applications remain independent of the web server.
Replacement of the architecture for dynamic websites can also be used. This is the approach taken by solutions including Java Platform, Enterprise Edition (a.k.a. Java EE), which runs Java code in a Java servlet container in order to serve dynamic content and optionally static content. This approach replaces the overhead of generating and destroying processes with the much lower overhead of generating and destroying threads, and also exposes the programmer to the library that comes with Java Platform, Standard Edition that the version of Java EE in use is based on.

The optimal configuration for any web application depends on application-specific details, amount of traffic, and complexity of the transaction; these tradeoffs need to be analyzed to determine the best implementation for a given task and time budget.

References

External links

Cgicc, FSF C++ library for CGI request parsing and HTML response generation
CGI, a standard Perl module for CGI request parsing and HTML response generation

Web server interfaces

General	Common Gateway Interface (CGI) Simple CGI FastCGI

Technology specific	ISAPI Java Servlet NSAPI AJP Python WSGI Ruby Rack JavaScript JSGI Perl PSGI Lua WSAPI

Apache modules	mod_jk mod_lisp mod_parrot mod_perl mod_php mod_python mod_wsgi mod_ruby