OpenLiteSpeed Web Server Users' Manual

Version 1.4 Rev. 1

CGI Context

Table of Contents

CGI Context

URI | Path | Extra Headers | Allow Set UID | Realm | Authentication Name | Require (Authorized Users/Groups) | Access Allowed | Access Denied | Authorizer | Add Default Charset | Customized Default Charset | Enable Rewrite | Rewrite Inherit | Rewrite Base | Rewrite Rules | Enable IP Geolocation | 

CGI ContextGo to top
Description: A CGI context defines scripts in a particular directory as CGI scripts. This directory can be inside or outside of the document root. When a file under this directory is requested, the server will always try to execute it as a CGI script, no matter if it's executable or not. In this way, file content under a CGI Context is always protected and cannot be read as static content. It is recommended that you put all your CGI scripts in a directory and set up a CGI Context to access them.
URIGo to top
Description: Specifies the URI for this context.
Syntax: The URI can be a plain URI (starting with "/") or a Perl compatible regular expression URI (starting with "exp:"). If a plain URI ends with a "/", then this context will include all sub-URIs under this URI. If the context maps to a directory on the file system, a trailing "/" must be added.
See Also: Location
PathGo to top
Description: Specifies the location of CGI scripts.
Syntax: The path can be a directory that contains a group of CGI scripts, like $VH_ROOT/myapp/cgi-bin/. In this case, the context URI must end with "/", like /app1/cgi/. The Path can also specify only one CGI script, like $VH_ROOT/myapp/myscript.pl. This script should have the corresponding URI /myapp/myscript.pl.
Extra HeadersGo to top
Description: Specifies extra response headers to be added. Multiple headers can be added, one header per line. Put "NONE" to disable headers inherited from parent content.
Syntax: "[HeaderName]: [HeaderValue]" in each line.
Example: Cache-control: no-cache, no-store
My-header: Custom header value
Allow Set UIDGo to top
Description: Specifies whether the set UID bit is allowed for CGI scripts. If the set UID bit is allowed and the set UID bit is enabled for a CGI script, no matter which user the CGI script was started on behalf of, the user ID of the CGI process will switch to the user ID of the owner of the CGI script.
The default is "Off".
Syntax: Select from radio box
Tips: [Security] Do not allow Set UID CGI scripts whenever possible, as it is inherently a security risk.
RealmGo to top
Description: Specifies the authorization realm for this context. When specified, a valid username and password must be provided in order to access this context. Authorization Realms are set up in the Virtual Host Security section. This setting uses each realm's Realm Name.
Syntax: Select from drop down list
Authentication NameGo to top
Description: Specifies an alternative name for the authorization realm for current context. If it is not specified, the original realm name will be used. The authentication name is displayed on the browser's login pop-up.
Require (Authorized Users/Groups)Go to top
Description: Specifies which user/group can access this context. This allows you to use one user/group database (specified in Realm) across a number of contexts, but only allow certain users/groups from that database to access this context.
Syntax: Syntax is compatible with Apache's Require directive. For example:
  • user username [username ...]
    Only listed users can access this context;
  • group groupid [groupid ...]
    Only users belonging to the listed groups can access this context.
If this setting is not specified, all valid users will be able to access this resource.
Access AllowedGo to top
Description: Specifies which IPs or sub-networks are allowed to access resources under this context. Together with Access Denied and server/virtual host-level access control, accessibility is determined by the smallest scope that a client's IP address falls into.
Syntax: Comma-delimited list of IPs/sub-networks.
Example: Sub-networks can be written as 192.168.1.0/255.255.255.0, 192.168.1 or 192.168.1.*.
Access DeniedGo to top
Description: Specifies which IPs or sub-networks are NOT allowed to access resources under this context. Together with Access Allowed and server/virtual host-level access control, accessibility is determined by the smallest scope that a client's IP address falls into.
Syntax: Comma-delimited list of IPs/sub-networks.
Example: Sub-networks can be written as 192.168.1.0/255.255.255.0, 192.168.1 or 192.168.1.*.
AuthorizerGo to top
Description: Specifies an external application that can be used to generate authorized/unauthorized decisions. Currently, only the FastCGI Authorizer is available. For more details about the FastCGI Authorizer role, please visit http://www.fastcgi.com.
Syntax: Select from drop down list
Add Default CharsetGo to top
Description: Specifies whether to add a character set tag to the "Content-Type" response header, when content type is either "text/html" or "text/plain" without any parameters. When set to Off, this function is disabled. When set to On, either the character set specified by Customized Default Charset or the default "iso-8859-1" will be added.
Syntax: Select from radio box
Customized Default CharsetGo to top
Description: Specifies a character set to be used when Add Default Charset is On. This is optional. The default value is iso-8859-1. This entry has no effect when Add Default Charset is Off.
Syntax: Name of a character set, like utf-8
Example: utf-8
Enable RewriteGo to top
Description: Specifies whether to enable LiteSpeed's URL rewrite engine. This option can be customized at virtual host- and context-level, and is inherited along the directory tree until it is explicitly overridden.
Syntax: Select from radio box
Rewrite InheritGo to top
Description: Specifies whether to inherit rewrite rules from parent contexts. If rewrite is enabled and not inherited, rewrite base and rewrite rules defined in this context will be used.
Syntax: Select from radio box
Rewrite BaseGo to top
Description: Specifies the base URL for rewrite rules.
Syntax: URL
Rewrite RulesGo to top
Description: Specifies a list of rewrite rules at virtual host or context level. A rewrite rule is comprised of one RewriteRule directive and optionally preceded by multiple RewriteCond directives.
  • Each directive should take only one line.
  • RewriteCond and RewriteRule follow Apache's rewrite directive syntax. Just copy and paste rewrite directives from your Apache configuration files.
  • There are minor differences between LiteSpeed and Apache mod_rewrite implementation:
    • %\{LA-U:variable\} and %\{LA-F:variable\} are ignored by the LiteSpeed rewrite engine
    • two new server variables are added in the LiteSpeed rewrite engine: %\{CURRENT_URI\} represents the current URI processed by the rewrite engine and %\{SCRIPT_NAME\} has the same meaning as the corresponding CGI environment variable.
The implementation of LiteSpeed's rewrite engine follows the specifications of Apache's rewrite engine. For more details about rewrite rules, please refer to Apache's mod_rewrite document and Apache's URL rewriting guide.
Syntax: string
Enable IP GeolocationGo to top
Description: Specifies whether to enable/disable IP Geolocation lookup. It can be set at server-, virtual host-, or context-level. IP Geolocation is disabled by default when using value "Not Set".
Syntax: Select from radio box
See Also: Use Client IP in Header, DB File Path, DB Cache Type