Apache – Configuring Apache 2.4 to Permit CGI on Debian Jessie

apache-httpdcgidebian

I’m new to Sysadmin and Apache configuration. Trying to get AWStats running, but in troubleshooting have gotten to trying to run a simple Hello World (html output) script on port 8888 and have been hitting a wall of 403 Forbidden.

It’s not the script:

mikekilmer@glitchbox:/var/www/html$ perl /usr/lib/cgi-bin/hello.pl
Content-type: text/html

<HTML>

<HEAD>
<TITLE>Hello, world!</TITLE>
</HEAD>

<BODY>
<H1>Hello, world!</H1>
</BODY>

</HTML>

Shebang matches path to perl: #!/usr/bin/perl

These are the main config settings:

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

Directory and file permissions are 755 and 644 with ownership being root:root (on the cgi-bin and perl files).

Apache’s html/index.html shows up:
http://www.infiniteglitch.net:8888/manual.html/howto/cgi.html

This is what the error log says:
[Sat Jun 06 05:53:24.412867 2015] [authz_core:error] [pid 28374:tid 140381836453632] [client 108.205.62.183:55886] AH01630: client denied by server configuration: /usr/local/apache2

I think maybe I’m missing something with Configuring Apache to permit CGI.

Module
1. Note: If Apache has been built with shared module support you need to ensure that the module is loaded; in your apache2.conf you need to make sure the LoadModule directive has not been commented out. A correctly configured directive may look like this:

LoadModule cgi_module modules/mod_cgi.so

I don’t know if it was built with shared module support. Installed with apt-get. Not finding the line LoadModule in the config file. If I add the above line above line to apache2.conf, Apache won’t restart.

ScriptAlias
2. There is one ScriptAlias in the config file, put there by AWStats. Adding this directive ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/ didn’t seem to do anything. I even tried moving my hello (or should i say hellp) script into /usr/local/apache2/cgi-bin/ still 403.

Explicitly using Options
Even tried adding

Options +ExecCGI
AddHandler cgi-script .cgi

to the <Directory /var/www/> directive.

All to no avail. Any ideas for next step?

Best Answer

[Sat Jun 06 05:53:24.412867 2015] [authz_core:error] [pid 28374:tid 140381836453632] [client 108.205.62.183:55886] AH01630: client denied by server configuration: /usr/local/apache2

That means you haven't configured authorization for your webserver.

What you want to do is ensure that you have something like

<Directory /usr/local/apache2/cgi-bin>
    Require all granted
</Directory>

Note that in Debian, there's an advanced configuration system which would have done all of this for you, if you would have used it ;-)

To do so, first remove (or comment out) the things you've already added. Then:

a2enmod cgi
service apache2 restart
Related Question