Common Gateway Interface

From Wikipedia, the free encyclopedia - View original article

Jump to: navigation, search

Common Gateway Interface (CGI) is a standard method used to generate dynamic content on web pages and web applications. CGI, when implemented on a web server, provides an interface between the web server and programs that generate the web content. These programs are known as CGI scripts or simply CGIs; they are usually written in a scripting language.


In 1993, the World Wide Web (WWW) was small but flourishing. WWW software developers and Web site developers kept in touch on the www-talk mailing list, so it was there that a standard for calling command line executables was agreed upon. The NCSA team wrote the specification;[1] however, NCSA no longer hosts this.[2][3] The other Web server developers adopted it, and it has been a standard for Web servers ever since. A work group chaired by Ken Coar started in November 1997 to get the NCSA definition of CGI more formally defined.[4] This work resulted in RFC 3875, which specified CGI Version 1.1. Specifically mentioned in the RFC are the following contributors:[5]


The following CGI program shows all the environment variables passed by the web server:

 #!/usr/bin/perl   =head1 DESCRIPTION   printenv—  CGI program which just prints its environment   =cut print "Content-type: text/plain\r\n\r\n";   for my $var ( sort keys %ENV ) {  my $value = $ENV{$var};<ref>  $value =~ s/\n/\\n/g;  $value =~ s/"/\\"/g;  print qq[$var="$value"\n]; } 

If a web browser issues a request for the environment variables at, a 64-bit Microsoft Windows web server running cygwin returns the following information:

  COMSPEC="C:\Windows\system32\cmd.exe"  DOCUMENT_ROOT="C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"  GATEWAY_INTERFACE="CGI/1.1"  HOME="/home/SYSTEM"  HTTP_ACCEPT="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"  HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7"  HTTP_ACCEPT_ENCODING="gzip, deflate"  HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.5"  HTTP_CONNECTION="keep-alive"  HTTP_HOST=""  HTTP_USER_AGENT="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"  PATH="/home/SYSTEM/bin:/bin:/cygdrive/c/progra~2/php:/cygdrive/c/windows/system32:..."  PATHEXT=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"  PATH_INFO="/foo/bar"  PATH_TRANSLATED="C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\foo\bar"  QUERY_STRING="var1=value1&var2=with%20percent%20encoding"  REMOTE_ADDR=""  REMOTE_PORT="63555"  REQUEST_METHOD="GET"  REQUEST_URI="/cgi-bin/"  SCRIPT_FILENAME="C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin/"  SCRIPT_NAME="/cgi-bin/"  SERVER_ADDR=""  SERVER_ADMIN="(server admin's email address)"  SERVER_NAME=""  SERVER_PORT="80"  SERVER_PROTOCOL="HTTP/1.1"  SERVER_SIGNATURE=""  SERVER_SOFTWARE="Apache/2.2.19 (Win32) PHP/5.2.17"  SYSTEMROOT="C:\Windows"  TERM="cygwin"  WINDIR="C:\Windows" 

From the environment, it can be seen that the web browser is Firefox running on a Windows 7 PC, the web server is Apache running on a system which emulates Unix, and the CGI script is named cgi-bin/

The program could then generate any content, write that to standard output, and the web server will transmit it to the browser.

The following are environment variables passed to CGI programs:

The program returns the result to the web server in the form of standard output, beginning with a header and a blank line.

The header is encoded in the same way as an HTTP header and must include the MIME type of the document returned.[6] The headers, supplemented by the web server, are generally forwarded with the response back to the user.


A web server that supports CGI can be configured to interpret a URL that it serves as a reference to a CGI script. A common convention is to have a cgi-bin/ directory at the base of the directory tree and treat all executable files within this directory (and no other, for security) as CGI scripts. Another popular convention is to use filename extensions; for instance, if CGI scripts are consistently given the extension .cgi, the web server can be configured to interpret all such files as CGI scripts. While convenient, and required by many prepackaged scripts,it opens the server to attack if a remote user can upload executable code with the proper extension.

In the case of HTTP PUT or POSTs, the user-submitted data is provided to the program via the standard input. The web server creates a subset of the environment variables passed to it and adds details pertinent to the HTTP environment.


An example of a CGI program is one implementing a Wiki. The user agent requests the name of an entry; the program retrieves the source of that entry's page (if one exists), transforms it into HTML, and sends the result. If the "Edit this page" link is clicked, the CGI populates an HTML textarea or other editing control with the page's contents, and saves it back to the server when the user submits the form.


Calling a command generally means the invocation of a newly created process on the server. Starting the process can consume much more time and memory than the actual work of generating the output, especially when the program still needs to be interpreted or compiled. If the command is called often, the resulting workload can quickly overwhelm the web server.

The overhead involved in interpretation may be reduced by using compiled CGI programs, such as those in C/C++, rather than using Perl or other interpreted languages. The overhead involved in process creation can be reduced by solutions such as FastCGI that "prefork" interpreter processes, or by running the application code entirely within the web server using extension modules such as mod_php.

Several approaches can be adopted for remedying this:

The optimal configuration for any web application depends on application-specific details, amount of traffic, and complexity of the transaction; these tradeoffs need to be analyzed to determine the best implementation for a given task and time budget.

See also[edit]


External links[edit]