Internet Information Services supports CGI applications. This topic provides administrative information on installing and configuring CGI applications on the Web server. For general information on programming CGI applications, refer to Microsoft's MSDN Online Library.
CGI programs are executed when the Web server receives a URL that contains the CGI program name and any parameters required by the program. If your CGI program is compiled into an executable file (.exe), you must give the directory that contains the program Execute permission so that users can run the program. If your CGI program is written as a script, for example a Perl script, then you can give the directory either Execute permission or Script permission. To use Script permission, the script interpreter must be marked as a script engine.
If you are considering developing new CGI applications, Microsoft provides several alternatives that you should explore. For faster execution, consider developing an ISAPI extension instead. For ease of development, consider developing an ASP application. ASP is particularly attractive for new programmers or scripters because it handles many of the chores traditionally associated with writing CGI applications, such as parsing HTTP headers. For more information, see Active Server Pages.
To install and configure CGI applications:The Windows operating systems do not provide versions of Perl, SED, or AWK. Interpreters can be obtained from third-party developers.
If you choose Script permission, then you must mark the script interpreter as a script engine in the property sheets for the directory. Only interpreters that are marked as script engines are allowed to execute in the directory. Executable files (.dll and .exe files) cannot be directly executed; that is, a browser request cannot launch an executable file on the Web server by including the program name in the URL. Using Script permission with the Script Engine option allows you to safely put content files (such as .htm or .gif files) in the same directory as your CGI scripts. Content files will be displayed in the browser and scripts will be executed, but no one can run an unauthorized program nor will script commands be displayed in the browser.
Caution If you give Read permissions to directories that contain executable files, visitors to your site can download and run your executable files. For security purposes, it is best to always keep executable files in a separate directory that does not have Read permissions set.
Internet Information Services maps file name extensions to an interpreter. For example, if you are using Perl scripts stored in files with a .pl extension, map the .pl extension to the program that runs Perl scripts. Map .bat and .cmd files to the command interpreter (Cmd.exe). See Setting Application Mappings.
If you are using NTFS access permissions, be sure that all users who need to run the program have Execute permissions for the directory. If your Web site accepts anonymous users, be sure the anonymous user (the IUSR_computername account) has Execute permissions.
Internet Information Services supports most of the standard server environment variables.
If your script accesses a script mapped to Cmd.exe running on a remote server, the default working directory is set to %SYSTEM32% on the local computer. The default value of %SYSTEM32% is \Winnt\System32 (on Windows 2000) and \Win95\System (Windows 95 or later).
For greater security, the Web server does not pass the command interpreter's special characters to a mapped CGI application. By default, the following characters cannot be included in the URL that calls the CGI application:
| ( , ; % < >
Although not recommended, you can enable the use of some of the special characters by changing the value of AllowSpecialCharsInShell in the registry. For more information, see WWW Service Registry Entries.