[tpm] Splitting a perl cgi into cgi-bin and htdocs

Alex Beamish talexb at gmail.com
Sun Oct 26 19:12:22 PDT 2008


On Sat, Oct 25, 2008 at 11:36 AM, Indy Singh <indy at indigostar.com> wrote:
> Hi Folks,
>
> I am working on a perl cgi application and I'm wondering if it would be
> better to split it into two directories in cgi-bin and htdocs, or put all
> the parts into one directory under htdocs.
>
> Background:
> The perl cgi application consists of components like the following:
> 1) The main cgi script
> 2) Supporting perl scripts meant to run from a shell
> 3) Perl modules used by the scripts
> 4) Data files used by the cgi (e.g. templates)
> and
> 5) Data files that must be in the htdocs directory (like images)
> 6) Html documentation
>
> The files in the second group have to go in the htdocs directory, but I am
> wondering if I can simplify the directory structure by putting all the files
> from the first group in the htdocs directory.  One of the advantages of
> having a single directory structure is that installation would be
> simplified, one would just untar a single file into one directory.  Another
> advantage is that my Apache is already configured to use mod_perl to process
> .cgi and .pl file if they are in the htdocs or below.
>
> Anybody have experience with this?

I like to put each of the various files into different directories --
that way, instead of searching for one of the CGIs (say) in a
directory that has everything, or getting a listing of just the HTML
files, I just go to the specific directory and look there.

Typically, HTML files go into the htdocs directories, with any
associated files (graphics, flash) in a sub-directory. The CGIs go
into the mod_perl directory, with the templates either in the same
directory or a sub-directory, depending on the number of files.

Scripts to be run from the command line go into another directory
(bin, perhaps), outside of the htdocs and mod_perl directories, to
prevent the browser from accessing them. Any documentation
(presumably, material that won't be accessed by the browser) will also
go outside the htdocs and mod_perl directories.

I like the idea of putting the libraries in a central location (lib,
perhaps), so that both the CGIs and the command line scripts can make
use of them. This assumes that you don't have libraries that behave
differently under the mod_perl environment and the command line
environment.

So this means you have the following directory arrangement:

bin - command line scripts
doc - internal documentation
htdocs - HTML files
htdocs/images - graphics to be included by the HTML pages
lib - libraries shared by the CGIs and command line scripts
mod_perl - CGIs
mod_perl/templates - template files for web pages.

> Other questions that come to mind for the single directory scenario are:
> * How to configure .htaccess to run the cgi script by default?
> * How to prevent the perl shell scripts from being accessed?
> * How to prevent the perl modules (.pm files) from being accessed?
> Would be better to put the restricted files into a subdirectory and
> configure .htaccess file to deny access?

Since the web server is only allowed to access the htdocs and mod_perl
directories, there's no way for a browser to find or even know about
the bin, doc or lib directories. I would disable the ability to run
Perl scripts in htdocs and instead have the mod_perl directory handle
that. You could put restricted CGIs into a sub-directory of mod_perl,
and control access to that through .htaccess.

-- 
Alex Beamish
Toronto, Ontario
aka talexb


More information about the toronto-pm mailing list