What is CGI?
Common Gateway Interface has been around since the mid 1990’s. It was the one of the first standards to specify how a server and a program could serve requests. From the RFC:
The Common Gateway Interface (CGI) allows an HTTP server and a CGI script to share responsibility for responding to client requests.
CGI allows any script or program to be called to serve dynamic content on a website. Needless to say, this was very popular and helped the web to explode from the 90’s onwards (pretty much everything was written using CGI). One of the amazing things about CGI is that you can use any programming language. C, Perl, Python, Ruby, even Bash. As long as the language has stdin and stdout, it will work. Here is a Bash script showing some system information:
#!/bin/bash
echo "Content-type: text/html"
echo ""
echo '<html>'
echo '<head>'
echo '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">'
echo '<title>CGI Bash</title>'
echo '</head>'
echo '<body>'
echo '<p>Demo of using GNU Bash with CGI</p>'
echo '<h2>Hostname</h2>'
echo '<pre>'$(hostname)'</pre>'
echo '<h2>Bash Version</h2>'
echo '<pre>Using '$(bash --version | head -1)'</pre>'
echo '<h2>System Uptime</h2>'
echo '<pre>'$(uptime)'</pre>'
echo '<h2>Current Date</h2>'
echo '<pre>'$(date)'</pre>'
echo '</body>'
echo '</html>'
exit 0And the output of above script is:
Pretty awesome I think. Especially for a few lines of bash. And I’m sure you’ve noticed that the output could be anything. The sky is the limit.
Disadvantages of CGI
A lot of people like to hate CGI. Here are some of the common complaints they will shriek if someone asks a question about using CGI in 2023
A new process is started for each request which is horribly inefficient!
Yes it is, and for a helluva lot of websites / web services, that’s not a problem. If is a problem, FastCGI might help you out. Or, switching to a compiled language like C or Go.
It’s not suitable for creating a full blown site or service!
Maybe not. But what if you just want a simple contact form? Or a way of quickly uploading a file to a server (see below).
It’s been superseded by better alternatives and is now obsolete!
This seems to be the main objection that I see. Perl has dropped CGI.pm from the standard distribution. Python is removing CGI support in version 3.13.
I think this in the same mindset that says that people should never use GNU RCS now that Git has is a thing. But as I wrote in another post on this site, RCS is perfect for version controlling single files. Like a CGI script for example! Yep, I use RCS for my CGI scripts.
Advantages of CGI
- You don’t have to choose between a static or a dynamic site
I have quite a few static sites and quite a few dynamic ones. Usually, I have to decide up front which type I want to make as I’ll have to use a language that works on the web if I want to generate pages dynamically. The beauty of CGI is that you can have almost everything served statically, and just a few pages served dynamically. As usual with CGI, I don’t know of another technology that offers this flexibility.
- Use whatever language you want
- Set up is minimal
This is what I use with Apache:
# Enable CGI scripts in cgi-bin directory
ScriptAlias "/cgi-bin/" "/var/www/my-website/cgi-bin/"
<Directory /var/www/my-website/cgi-bin/*>
Options ExecCGI
SetHandler cgi-script
DirectoryIndex
</Directory>Done.
- You can get a service running in minutes
Just have a cgi-bin directory properly configured and dump your scripts in there. No “frameworks”. No config files. Just your CGI scripts. And the HTML files calling those scripts. It makes even the most minimal of minimal frameworks look complicated.
- It’s the right tool for some jobs
Most of the web software I write is made with bottle.py. But sometimes, even bottle is overkill. A recent example: my son wanted to send me some files. Even though I have accounts for Google Drive, Onedrive, Dropbox etc I thought it was crazy that even though I have multiple web servers, I had no easy way for someone to quickly upload a file to one of them. Well, thanks to CGI, I now have a (very) simple form that lets someone upload a file (10MB maximum) and then sends me an email notifying me. And it was done in about 10 minutes. To set up an equivalent service with Bottle would have probably taken hours.
Security Considerations
As with any service running on the internet, you will need to read some documentation to be aware of security risks. This is not just true for CGI, but for anything. The Apache website linked below has some tips. A search engine will no doubt give you more tips.
Conclusion
There is a reason that in 2023, CGI is still in use and refuses to die:
1. It’s relatively simple to learn and use
2. You can use whichever programming language you want
3. It’s an elegant protocol that solves a real problem
4. With CGI you can get something up and running quicker than any other technology I’m aware of.
5. You can mix static and dynamic content as you please
So please, ignore the CGI-MUST-DIE-TODAY crowd and at least keep it in mind as a solution to some of your programming problems. Like many technologies from the “early web” (yes. I’m looking at you WebDAV) CGI solved a problem pretty much as soon as it was discovered and was used for many years. Some of us still use it happily today and quietly laugh to ourselves at the “guru’s” having nervous breakdowns at the idea that such an old standard could still be used in 2023.
References and Recommended Reading
Apache CGI
The Magic of cgi-bin (Video)
Why I recommend CGI instead of web frameworks
Wikipedia FastCGI