目录
2 实现一个返回html页面,标题和内容都为Hello World
0 实现一个返回json格式应答的CGI
#!/bin/bash echo "Content-type: text/html" echo "" # ok, we've sent the header, now send some content echo "{\"ret\":0,\"msg\":\"ok\"}"
测试方法:
将上述的Bash脚本放在Websvr下,可以通过curl命令发送http请求,例如:curl "http://172.25.81.16/cgi-bin/ret_json_ok.sh",然后会返回:{"ret":0,"msg":"ok"}。
1 实现一个form来发送http请求
效果如下图所示:
实现方法分两步:
(1) 写一个简单的html页面,例如,form.html
Enter Host:
(2) 写一个接收请求的CGI,上面的ACTION已指定,即,form_test.sh
#!/bin/bash echo 'Content-type: test/html' echo '' echo $QUERY_STRING
2 实现一个返回html页面,标题和内容都为Hello World
返回的页面效果如下图:
实现方法,同样实现一个CGI,只是返回的内容是一个html:
#!/bin/bash echo 'Content-type: test/html' echo '' echo '' echo '' echo '' echo 'Hello World' echo '' echo '' echo 'Hello World' echo '' echo '' exit 0
3 温故知新
通过上面几个非常简单的例子,下面总结一些基本概念:
(1) Introduction to CGI
Web CGI programs can be written in any language which can process standard input (stdin),environment variables and write to standard output (stdout).The web server will interact with all CGI programs using the "Common Gateway Interface" (CGI) standard as set by RFC 3875. This capability is possessed by most modern computer programming and scripting languages, including the bash shell.
(2) Basic Bash CGI Example
CGI programs typically perform the following:
- All CGI scripts must write out a header used by the browser to identify the content.
- They typically process some input. (URL, form data or ISINDEX)
- CGI can access environment variables set by the web server.
- CGI scripts will write out HTML content to be viewed. This typically has the structure of the "head" which contains non-viewable content and "body" which provides the viewable content.
Script Location:
Various distributions of Linux locate the CGI directory in different directory paths. The path is set by the web server configuration file. For the Apache web server, the "ScriptAlias" directive defines the CGI path:
Linux Distribution | Path |
---|---|
Red Hat Enterprise, 7.x-9, Fedora core, CentOS | /var/www/cgi-bin/ |
Red Hat 6.x and older | /home/httpd/cgi-bin/ |
SuSe | /srv/www/cgi-bin/ |
Ubuntu/Debian | /usr/lib/cgi-bin/ |
Script Permissions:
The script will require system executable permissions: chmod +x /var/www/cgi-bin/hello.sh
If using SELinux, the security context must also permit execution: chcon -t httpd_sys_content_t /var/www/cgi-bin/hello.sh
Executing Shell Commands:
Typically one will want to process shell or system commands:
Add the paths required to find the commands:
(3) Processing Bash CGI Input
Accessing Environment Variables:
The web server will pass environment variables to the CGI which it can access and use. This is very simple for bash.
#!/bin/bash echo "Content-type: text/html" echo "" echo '' echo '' echo '' echo 'Environment Variables' echo '' echo '' echo 'Environment Variables:' echo '' /usr/bin/env echo '' echo '' echo '' exit 0
Typically one will want to process input from the URL "QUERY_STRING" such as "namex=valuex&namey=valuey&namez=valuez" extracted from the following URL:http://localhost/cgi-bin/env.sh?namex=valuex&namey=valuey&namez=valuez
Script Description:
- Script will loop through all of the arguments in environment variable "QUERY_STRING" as separated by the delimiter "&". Thus the script loops three times with the following "Args":
- namex=valuex
- namey=valuey
- namez=valuez
- For each "Args" line, look for each token separated by the delimeter "=". Component 1 ($1) and component 2 ($2).
- Use "sed" to parse and substitute characters. A blank space is substituted for all %20's.
#!/bin/bash
echo "Content-type: text/html"
echo ""
echo ''
exit 0
Output:
Parsed Values: valuex valuey valuez |
You will get the same results for: http://node1.megawww.com/cgi-bin/env.sh?namex=valuex&namez=valuez&namey=valuey
Typically one will also want to produce and process input from an HTML form:
URL: http://localhost/cgi-bin/exampleForm.sh
#!/bin/bash
echo "Content-type: text/html"
echo ""
echo ''
exit 0
Note that the environment variables $REQUEST_METHOD and $QUERY_STRING can be processed by the shell directly.
You can string together more "sed" translators as needed (depending on your content):| sed "s/%20/ /g" | sed "s/%3A/:/g" | sed "s/%2F/\//g"
(4) CGI Security
One must filter the input to avoid cross site scripting. Filter out "<>&*?./" to avoid trouble from hackers.