CGI stands for Common Gateway Interface. It is a standard protocol for web servers to execute programs and generate output for web browsers. The program is referred to as a CGI program (or a CGI script). It executes on behalf of the web server to produce output when a particular URL is requested by the user's web browser.

Benefits of CGIs

A CGI enhances a website in many ways. Starting from authenticating a user to providing a full scale shopping application, CGIs are at the very core of making the web dynamic and interactive. The following are some of the main benefits of using CGIs to enhance the user experience.

  • Personalized to the user: The output can be personalized to each user. For example, a user may be checking his bank account balances, which may need to be retrieved from the database.
  • Other types of personalization: The user may be using a mobile phone to access the website, and the output needs to be adjusted for the mobile phone resolution.
  • Making updates: An update is performed as a result of a form POST (explained below). For example, you may be updating your Facebook status.
  • Uploading files: A file uploaded by a user needs a CGI on the server end to handle the file upload request to store the file in a particular location.
  • Generating output: In addition to output displayed in the browser, many websites offer additional forms of output, such as Word Document, PDF, etc. Some of these documents may need to be generated on the fly by CGIs, such as your telephone bill or credit card statement.

Serving Static Files vs. CGIs

An HTML file (as well as JavaScript and CSS) is served out directly by the web server. A CGI program, on the other hand, is executed by the web server when a particular URL is requested. It is used for fulfilling requests which need access to dynamic information, such as that residing in a database. An example would be authenticating a user to allow access: the username and password could be stored in a database, and a request to validate the user would need to access this information. For servicing this request, the web server would execute a CGI program that would lookup the information and validate the user.

How a CGI works.

Configuring Web Servers

A web server runs HTTP server software which provides the ability to serve out HTML files, as well as execute CGI programs to generate output on the fly. The HTTP server software is configured by the web server administrator to execute specific programs when URLs matching specific patterns are requested.

Executing CGIs

When a user's browser makes a request to a particular URL, the browser sends a whole bunch of information, in the form of HTTP headers and possibly the HTTP body. Some of this may include:

  • The browser type
  • The user's name if the user has logged in
  • Any cookies previously stored by the web server
  • Form variables if the request is a POST request

When a CGI is executed to fulfil this request, the server passed on all this information to the CGI program. The CGI may use some or all of this information to handle the request and personalize the output to the user.

Handling Form POSTs

A primary use of CGIs is to process HTML forms.

A HTML form is a user-interaction device and provides a variety of controls so the user can provide input. When the user clicks a Submit button (or something similar) on the form, the web browser aggregates the information in the form and sends it to the target URL indicated in the form. The web server, in turn, typically invokes a CGI program and sends all the input collected from the user. This interaction is called a form POST, a technical term indicating the method of sending the form contents to the CGI. The CGI processes the form contents and produces a suitable response to be sent to the browser.

A Sample CGI

The following is a sample CGI program written in python. It can be deployed to a web server so that it is accessible from a URL similar to: http://www.example.com/cgi-bin/env.cgi. When invoked, the CGI reports all the variables it received in its environment from the web server. This is about as simple as a CGI program can get.

        #!/usr/bin/python

import os

print "Content-type: text/plain\n"
for key in os.environ:
  print key, "=>\"", os.environ[key], "\""

The Evolution of CGIs

CGIs have been a part of web servers since almost the beginning of the web. The first ever web server, the NCSA HTTPd Web Server, started off with support for serving static files only. Subsequently, it was recognized that executing a script in response to a URL request allowed the web server to generate dynamic content, and the CGI specification was born.

The earliest CGI programs were simple scripts written in a language such as Perl, TCL, Shell, etc. It could also be written in a compiled language such as C/C++, but this required an additional step of compiling the program to create the executable CGI.

As CGIs became more complex, and the user demands increased, it was recognized that creating a separate CGI process for servicing each request was rather too heavy in terms of the memory and CPU overhead. Especially when servicing the request takes less time than the overhead of creating a new process.

At this point, web servers started to embed full-blown script interpreters so user requests could be handled in a separate thread within a single web server process. This improved the efficiency of the request servicing, and cut the response times.

This coincided with the arrival of new languages specifically designed for the web, such as PHP. The PHP interpreter started off life as a CGI program itself. As a part of request processing, it parses the requested file for PHP directives and executes the commands there-in.

Today, in addition to CGI scripts, there are many technologies used for executing code on the server in response to a request.

Are you using CGI scripts in any part of your company's web site? Have you faced any particular issues with deploying or maintaining CGI scripts? Discuss below in the comments.