3

I'm having some problems trying to execute a CGI script through apache. This script is identical to the OpenLayers proxy.cgi which allows to make AJAX requests outside of one's domain. This script runs smoothly and without any errors using normal apache configuration (without SSL), but! when I enable SSL, it starts to behave erratically.

Let me show you first my apache configuration for SSL:

NameVirtualHost *:443
<VirtualHost *:443>
    ServerName 172.22.1.37
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/apache2/ca/apache-server.crt
    SSLCertificateKeyFile /etc/apache2/ca/apache-server.key
    SSLCertificateChainFile /etc/apache2/ca/proba.crt
    SSLCACertificateFile /etc/apache2/ca/proba.crt
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl    .crl
    Alias /mapviewer "/var/www/mapviewer/"
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    AddHandler cgi-script .cgi
    DocumentRoot /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride All 
        Options +ExecCGI -Multiviews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

So, SSL loads correctly, since I have tried other webapps and they run smoothly in https, the problem is this app that uses the proxy.cgi

Weird thing is that when I start apache, at the beginning it will work correctly without any problem, but after a time (I'm not sure if it's dependent on time or number of request, although after testing I'd say it's the former) when the javascript code calls this proxy.cgi script, the request will just hang there and, in the end, be aborted due to "timeout".

Do I need to enable any other option to execute cgi scripts through https? is there something I'm missing? I can put the proxy.cgi code but I don't think it has anything to do since it has proven to work correctly, the problem here is that with SSL enabled, it won't be executed.

Thanks for reading!

Improve this question
2
  • do you have the address where this is happening available to the public? if so it would be useful for me to have a look so that I can see the requests and responses generated by the system. Commented Mar 20, 2013 at 0:24
  • I'm afraid not :( It's runnning on my local machine and, due to the proxy, I am not able to give you access to it Commented Mar 20, 2013 at 7:13

2 Answers 2

Reset to default
3

First of all, Thanks to Joseph Myers for his suggestions cause even if they did not provide a solution, they helped me toward it. What he said about zombie processes made sense and after having a deeper look I realized that instead of loading mod_cgid on apache start up, it loaded mod_cgi instead. The difference is quite noticeable, knowing (after having a look at httpd documentation) that mod_cgid

creates an external daemon that is responsible for forking child processes to run CGI scripts

and it also seems that it's the default, instead of cgi. I cannot remember myself changing that, but hell, who knows, it works now!

tl;dr, don't use mod_cgi! use mod_cgid instead!

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2
+50

I have had problems like this at times, and nearly all of them have been solved by forcing a "Connection: close" in every HTTPS response. It should be printed in the HTTP header. Also, make sure that the proxy.cgi script closes/exists after every run to make sure that the Apache SSL process isn't getting filled up with zombie processes that never close themselves.

Improve this answer

1 Comment

Thanks for answering! I tried both things you mentioned and it seems that's not it :( It also seems that, although this problem aroused when I configured SSL on my Apache server, it's still present even if I restored the previous configuration.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.