IIS configuration CGI

CGI is a very old technology. Today, it is turned out mainly because it is a relatively simple solution for developing WebService servers using C/C ++. With gsoap, you can easily generate relevant code. With the powerful functions of HTTP Server (IIS or Apache), you can easily develop a simple WebService, you don't need to consider security issues, multi-user concurrency issues, and session management issues. You just need to stand on the shoulders of the HTTP server to implement your own business functions. the following is an article on IIS configuration CGI in msdn.

Configure CGI application (IIS 6.0)

IIS 6.0 supports Common Gateway Interface (CGI) applications. This topic provides management information about installing and configuring CGI applications on web servers and setting CGI script timeout values.

Key points:
To minimize the attack surface of the server, IIS 2003 is not installed on Windows Server 6.0 by default. When IIS 6.0 is installed for the first time, IIS 6.0 will be locked-This indicates that only requests for static Web pages are enabled, and only the World Wide Web Publishing Service (WWW Service) is installed ). All functions on IIS will be disabled, including ASP, ASP. NET, CGI script, Microsoft FrontPage 2002 server extensions, and WebDAV release. If these features are not enabled, IIS will return the 404 error. You can enable the Web Service Extension node in IIS manager. For more information about how to solve the 404 error and other problems, see troubleshooting in IIS 6.0.

The CGI program is executed when the web server receives a URL containing the CGI program name and required parameters. If you compile a CGI program into an executable (.exe) file, you must provide a directory containing the program execution permission so that you can run the program. If the CGI program is written as a script (such as a Perl script), it can provide both the execution permission for the Directory and the script permission for it. To use the script permission, you must mark the script interpreter as a script engine.

Note:
By default, the iis_wpg group does not have the right to start the CGI process. If you have created a new account and added it to the iis_wpg group to run the workflow identity, you must also grant the account the user permissions to start the CGI process. These user rights are "adjust the memory quota of processes" and "Replace Process-level tokens ". For more information about how to modify user rights, see "Edit Local Security Settings" or "Edit Security Settings on Group Policy objects" in the Windows Server 2003 Help and Support Center ".

To develop a new CGI application, Microsoft provides several options. To speed up execution, consider developing an Internet Server API (ISAPI) extension. To facilitate development, consider developing ASP. NET applications.

This section contains the following information:

• Install CGI applications in IIS 6.0: This section describes how to install CGI applications on a Web server.
 
• Configure the maximum number of concurrent CGI requests: describes how to configure the maximum number of concurrent CGI requests.
 
• Configure CGI application Timeout: describes how to configure CGI application timeout value.
 

Install CGI application (IIS 6.0) in IIS 6.0)

Key points:
Only members of the Administrators group on the local computer can perform the following procedure. As the best security operation, log on to your computer using an account that is not in the Administrators group, and run the IIS manager as an administrator using the RunAs command. At the command prompt, type RunAs/User: administrative_accountname "MMC % SystemRoot %/system32/inetsrv/IIS. msc ".

Process
Install and configure CGI applications
1.
Create a directory for the CGI program. To increase security, separate the CGI program from the content file. There is no need to name the directory cgi-bin, though you can. For more information, see use virtual directories.
 
2.
If the CGI program is a script, obtain and install the corresponding script interpreter. For example, to run a Perl script, you must have a Perl interpreter. Windows operating systems do not provide Perl, sed, or awk versions. Therefore, you must obtain the interpreter from a third-party developer.
 
3.
If the CGI program is a. EXE file, the execution permission should be provided for the directory. If the CGI program is a script, it can provide both the execution permission for the Directory and the script permission for it. For more information, see Access Control in IIS 6.0.

If you select to provide script permissions for a directory, you must mark the script interpreter as a script engine in the directory's properties. Only the interpreter marked as a script engine can be executed in this directory. Executable files (. dll and. EXE files) cannot be directly executed, that is, browser requests cannot start executable files on the web server by adding a program name in the URL. By enabling the "script only" permission and selecting the "Script Engine" check box, you can securely store content files (such as. htm or. GIF files) in the same directory as CGI scripts. The content file can be displayed in the browser and executed simultaneously, but unauthorized programs cannot be run and script commands are not displayed in the browser.
 
4.
For CGI scripts, application ing should be created between the file extension of the script and the script interpreter.

IIS maps file extensions to interpreters. For example, if you use a Perl script (which is stored in a file with the. pl extension), map the. pl extension to the program that runs the Perl script. Map the. BAT and. CMD files to the command interpreter (cmd.exe ). For more information, see set application ing in IIS 6.0.
 
5.
Set NTFS permissions. If NTFS is used for access, verify that all users who need to run the program have the permission to execute the directory. If the website accepts anonymous users, make sure that the anonymous users (iusr_computername account) have the execution permission.
 

IIS supports most standard server environment variables.

For the sake of security, the web server does not pass the special characters of the command interpreter program to the mapped CGI application. By default, the following characters cannot be contained in the URL that calls the CGI application:

| (,; % <> Configure the maximum number of concurrent CGI requests (IIS 6.0) to prevent performance degradation and reduce possible security risks on the Web server, you can configure the maximum number of concurrent CGI requests that run simultaneously. Note: Only members of the Administrators group on the local computer can perform the following procedure. As the best security operation, log on to your computer using an account that is not in the Administrators group, and run the IIS manager as an administrator using the RunAs command. At the command prompt, type RunAs/User: administrative_accountname "MMC % SystemRoot %/system32/inetsrv/IIS. msc ". Key points: improper use of the Registry Editor may cause serious problems that require reinstallation of the operating system. Because the Registry Editor skips standard security protection (You are not allowed to enter conflicting settings that may degrade performance or damage the system), be careful when changing the registry. Microsoft cannot guarantee that the Registry Editor is incorrectly used. For information about how to edit the registry, see the "change items and values" topic in the Registry Editor help. Maximum number of concurrent CGI requests in Process configuration 1. from the Start Menu, click Run ". 2. In the open box, type regedit.exe, and click OK ". 3. Locate HKEY_LOCAL_MACHINE/system/CurrentControlSet/services/w3svc/parameters in the registry. 4. from the "edit" menu, point to "add", click "DWORD Value", and then add the following registry value: Name: maxconcurrentcgisexecuting type: REG_DWORD data: if the registry key does not exist, IIS uses the default value 256. You can set this value between 0 and 4294967295 (infinity) as needed. If you use a small value, it indicates that the number of CGI requests that run concurrently on the Web server is small. However, using a large value may reduce the performance. 5. Exit the Registry Editor. When you configure CGI application timeout (IIS 6.0) to set the CGI application timeout value, you need to manually set cgitimeout to configure database properties. For information about the database attribute configuration, see cgitimeout to configure database attributes. You can set the cgitimout attribute at the global level, individual site level, and site Element Level. Therefore, you can flexibly configure the entire cgitimeout level, and then customize the settings for each site and site element. If you want to edit this setting when running IIS, make sure to enable the "edit database RunTime" setting. For more information, see enable runtime editing in IIS 6.0.

This article from the csdn blog, reproduced please indicate the source: http://blog.csdn.net/hurtmanzc/archive/2007/08/21/1752603.aspx