IBM Support

CGI frequently asked questions

News


Abstract

This page answers frequently asked questions (FAQs) about IBM HTTP Server for i.

Content

You are in: IBM i Technology Updates  > Web Integration on i IBM HTTP Server for i > Introduction > CGI frequently asked questions

Product

What other products are necessary for starting the *ADMIN server and using the IBM Web Administration?

Apache

Is the IBM i version of Apache's source code available?

Is it the same as the EBCDIC open-source Apache?

How do I find out the version of Apache Server running on my IBM i?

Setting up your server

How do I setup language support for an HTTP server?

What are valid characters in a server name?

How do I enable the SSL port for the *ADMIN server?

Can directive or Alias contain spaces in the directory path?

How can I avoid the "Cross Site Tracing" vulnerability?

Startup

Why won't my server start?

Authentication

What can I do when HTTP server is not accepting Kerberos Authorization?

CGI

How can I have HTTP server prestart CGI jobs for CGI program in an IASP ?

Can the Server Side Include (SSI) echo directive display the values of standard CGI variables?

Do I need to modify my CGI programs running on other Apache platforms to run under IBM i?

Can I run CGI in more than one language using only one HTTP server?

How do I avoid the HTTP server doing any conversions of data passed to and from a CGI program?

How do I compile a CGI program in UTF-8 mode?

How do I allow the HTTP server to handle invalid escapes in POST data for a CGI program not compiled in UTF-8 mode?

How can I improve the performance of my CGI program?

How can I change the library list for my CGI program?

High Available Web server

How do I enable the HTTP server to be HA?

Proxy

Is it possible to do Proxy chaining with authentication?

Is it possible to block specific HTTPS requests when using Apache Proxy instance?

Additional support

How do I get Java Servlet support?

Does IBM i Apache support Java?

Can I run ASPs (Active Server Pages)on IBM i?

Why do I need Websphere (what is it anyway)?

General

What characters are valid in a URL?

How can I change the CCSID attribute for all my IFS files?

How can I improve the performance from my HTTP server?

What basic things should I review using QNTC file system?

How can I monitor the number of hits to my web site?

What other products are necessary for starting the *ADMIN server and using the IBM Web Administration?

The *ADMIN server and IBM Web Administration are part of DG1 product and require a few additional products. If you don't have these products installed, you will not have full functionality and the *ADMIN server may not start. To see if you have all the required products on your IBM i system, type:

GO LICPGM

This will take you to the work with licensed programs page. Choose number 10. Display Installed Licensed Programs. Look for one of the following 5761JV1(IBM i 7.1) and 5770JV1(IBM i 7.2) options. 

5761JV1 Option 12 Java SE 6 32 bit
5770JV1 Option 11 Java SE 6 32 bit

In addition, the following product options are necessary.

5770SS1 Option 3 Extended Base Directory Support
5770SS1 Option 12 Host Servers
5770SS1 Option 30 Qshell
5770SS1 Option 33 Portable App Solutions Environment

Is the IBM i version of Apache's source code available?

No, the IBM i source code is not published.

Is it the same as the EBCDIC open-source Apache?

No, the IBM i source code contains integration items optimized for IBM i and will only run on an IBM i.

How do I find out the version of Apache Server running on my IBM i?

You can display the version using the -V option of the STRTCPSVR command. For example:

STRTCPSVR SERVER(*HTTP) HTTPSVR(APACHEDFT '-V')

How do I setup language support for an HTTP server?

Your IBM i CCSID/codepage settings should be correctly configured for your primary language environment. To do this you must consider two settings:

  1. The CCSID value in Change HTTP Attributes (CHGHTTPA) CL command.
  2. The system value QCCSID

The correct values can be found by looking in Information Center Default system values for national language versions.

1. Click on the language/feature code you will be testing.

  • The Internet CCSID value will be used for CHGHTTPA
  • The QCCSID value will be used to change the QCCSID system value

2. Run the CL command CHGHTTPA and specify the value for the Internet CCSID. For example, to run in English:

CHGHTTPA CCSID(819)

3. Run the CL command CHGSYSVAL SYSVAL(QCCSID) and specify the value found for the QCCSID value. For example, to run in English:

CHGSYSVAL SYSVAL(QCCSID) VALUE(37)

What are the valid characters in a server name?

When creating a new server, enter a name that does not contain any special characters. Some products or applications that use the server name such as Digital Certificate Manager cannot handle the use of special characters.   A server name must begin with an alphabetic character and must not be longer than ten characters.

How do I enable the SSL port for the *ADMIN server?

Follow the instructions given in the Information Center at Set up SSL for the administration (ADMIN) server for HTTP Server.

Can directive  or Alias contain spaces in the directory path?

Yes. You must enclose the directory path in quotes.

How can I avoid the Cross Site Tracing vulnerability?

To turn this vulnerability off for HTTPS, add the following set of Rewrite directives both globally and in a  context.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

Why won't my server start?

If your server won't start, you can usually find the reason in the JOBLOG. To view JOBLOGs of server jobs that have ended abnormally, enter the command:
WRKSPLF SELECT(QTMHHTTP)

The most common reasons for the server failing to start are:

  • The TCP/IP port is already in use - Change the server configuration to use a different port.
  • Configuration directives are not valid - Correct the directive that is flagged in the JOBLOG.
  • TLS Initialization failed - This can occur if TLS for the server is enabled AND one or more of the following is true. 
    • IBM Digital Certificate Manager (DCM) (5770-SS1 Option 34) is not installed.
    • The certificate store file (key database file) does not exist.
    • The server does not have authority to the certificate store file (key database file).
    • The certificate store file (key database file) password is expired.
    • The certificate store file (key database file) does not match the format of the installed Cryptography product.

What can I do when HTTP server is not accepting Kerberos Authorization?

There are many possible problems that can occur when using Kerberos Authentication. Many of these are outside the IBM i environment (for example, Windows platform, Active Directory directory service, as well as network issues). The following steps cover some of the most frequent problems in the Microsoft Windows environment.

  1. Download Microsoft Kerberos Tray (link resides outside of ibm.com) and use it to verify that the correct tickets are being obtained.
  2. Under Internet Explorer options (Tools ->Internet Options, then Advanced tab), make sure Enable Integrated Windows Authentication (requires restart) is selected.
  3. Make sure the timezone and date/time on your IBM i is the same timezone and date/time as on your Active Directory domain. On IBM i, the time zone value can be seen using this CL command:

   WRKSYSVAL SYSVAL(QTIMZON)

More troubleshooting and information about Windows based single signon can be found in the Red book Windows-based Single Signon and the EIM Framework on the IBM eServer IBM i Server

An example scenario of single signon with the IBM i HTTP server can be found in Red bookIBM HTTP Server (powered by Apache): An Integrated Solution for IBM eServer iSeries Servers (PDF, 10.1MB) (Chapter 6, Section 6.3)

How can I have HTTP server prestart CGI jobs for CGI program in an IASP ?

The StartCGI/StartThreadedCGI directives have been enhanced to allow an IASP name to be specified as the 3rd parameter so the prestart CGI jobs can be used for CGI programs in the IASP. For example:
StartCGI 6 QTMHHTP1 myiasp

In this example, 6 CGI jobs that run under user profile QTMHHTP1 will be prestarted and used for executing CGI programs in the myiasp IASP.

Note: if no IASP name is specified, the prestart CGI jobs can only be used for CGI program in system ASP.

Required PTFs:
IBM i 7.2: SI55722
IBM i 7.1: SI55746

Can the Server Side Include (SSI) echo directive display the values of standard CGI variables?

Yes. Use the echo directive to display the value for specified environment variables (including the standard CGI variables) using the var tag. If a variable is not found, a (None) is displayed. Both the set of standard CGI variables and the SSI specific environment variables that can be displayed using echo are listed in Environment Variables on HTTP Server.

Do I need to modify my CGI programs running on other Apache platforms to run under IBM i?

Yes. To port your CGI programs to IBM i you'll need to recompile them and move your data libraries and directories.

Can I run CGI in more than one language using only one HTTP server?

You can run CGI in various languages using one server. Customize your directory container using directives CGIJobCCSID, DefaultNetCCSID (allowed in a container), and CGIConvMode. There are two different methods you might want to consider for doing this. You can use a different library for each separate language or use the URI to determine the language of the user. See UTF-8 CGI programming example.

How do I avoid the HTTP server doing any conversions of data passed to and from a CGI program?

Any CGI program with a name that begins with nph_ is considered a no-parse header CGI program. This means that the server does no conversions on the data and adds no headers back in the response from the CGI program. The CGI programmer is in total control and is responsible for parsing the request and then sending all of the necessary headers back with the response.

How do I compile a CGI program in UTF-8-mode?

See Installing and running a UTF-8 ILE C CGI - Example.

How do I allow the HTTP server to handle invalid escapes in POST data?

If you have, for example, an XML file containing a "%" which does not indicate an escaped character, (for example, you have text such as "discount is 10%") or you have POST data that you do not want to fail because of invalid escape sequences, follow these conditions:

  • Text must contain only single byte (SBCS) data. Multi-byte data will fail.
  • CGI input conversion mode must be MIXED.
  • Client request must contain Content-Type: header with the value of text/xml (case insensitive).
  • If a charset is specified with the Content-Type: header, it must be a single byte character set.
  • Invalid Unicode escapes will be allowed in single byte data but not allowed in multi-byte data.

How can I improve the performance of my CGI program?

The performance of your CGI program is dependent on the characteristics of your CGI program as well as how the request is handled by the server.

One way to improve the performance of your CGI program is to specify a named activation group on the compile rather than taking the default. For more information, see CGI programs and activation groups in the Information Center.

The following contains information about improving the performance of CGI request handling by your server.

By default, if not running in the PASE environment, the CGI server job sets both the current directory and current library for each CGI request. The current directory is the path name of the CGI program library, for example, /QSYS.LIB/MYLIB.LIB/ and the current library is the library containing the CGI program, for example MYLIB. Once the CGI request has completed, the current library is changed to QHTTPSVR. These two actions can degrade the performance of each CGI request.

Starting in V5R4, you can improve the performance of each request with the following configuration changes.

  • The current directory 
    • The current directory is set to the path name of the library containing your CGI program.
    • To disable changing the current directory, add the following directive to your configuration:

   SetEnv QIBM_CGI_CHANGE_CURDIR
   N

     Note: Setting this value to N will prevent Net.Data from finding your INI file.

  • The current library 
    • The current library is set to the library containing your CGI program and will be changed to QHTTPSVR when the request is completed.
    • To disable changing the current library, add this directive to your configuration:

   SetEnv QIBM_CGI_CHANGE_CURLIB
   N

How can I change the library list for my CGI program?

This can be done using the SetEnv directive with the QIBM_CGI_LIBRARY_LIST environment variable and a list of the libraries. Be sure to uppercase the library names and separate them by semi-colons. For example:

SetEnv QIBM_CGI_LIBRARY_LIST "MIME;CGIURL;CGILIBL"

The listed libraries replace the libraries in the user part of the library list. When the CGI program has finished processing, these libraries will be removed from the library list and the library list will be restored to what it was before the CGI program ran.

How do I enable the HTTP server to be HA?

Follow the instructions given in Knowledge Center for Highly available Web server cluster on HTTP Server.

Is it possible to do Proxy chaining with authentication?

Yes, however you can only authenticate through the first server in the proxy chain.

Is it possible to block specific HTTPS requests when using an Apache proxy server?

Yes. Use  and  directives to deny CONNECT on the specific hosts. For example, the following will block https://www.foo.com requests:

Deny from all

How do I get Java Servlet support?

Java servlet support comes with IBM WebSphere Application Server. The latest information can be found at IBM Websphere Application Server site.

Does IBM i Apache support Java?

Yes. You can serve Servlets and JSPs using an Apache server which has been associated to a Websphere Application Server. HTTP Server does not support running Java CGI programs. If you have Java CGI applications, you should migrate those applications to Java servlets using WebSphere Application Server or the IBM integrated Web application server for i.

Can I run ASPs (Active Server Pages)on IBM i?

Apache on IBM i does not currently include ASP support.

Why do I need Websphere (what is it anyway)?

WebSphere Application Server for IBM i (WAS) is needed to serve JSPs and Servlets from Apache. It is the Application Server of choice on IBM i.

What characters are valid in a URL?

The specification for URLs, RFC1738 (link resides outside of ibm.com), limits the use of allowed characters to only a limited subset of the US-ASCII character set (2.2 URL Character Encoding Issues):

"The lower case letters "a"--"z", digits, and the characters plus ("+"), period("."), and hyphen ("-") are allowed.... In addition, octets may be encoded by a character triplet consisting of the character "%" followed by the two hexadecimal digits (from"0123456789ABCDEF") which forming (sic) the hexadecimal value of the octet. (The characters "abcdef" may also be used in hexadecimal encodings.)"

To insert, for example, the French accented à, you would use %E0 instead of the letter.

How can I change the CCSID attribute for all my IFS files?

You need to run the following CL command, specifying CCSID-value as the desired CCSID:

CHGATR OBJ('/www/directory/') ATR(*CCSID)
VALUE(CCSID-value) SUBTREE(*ALL)

How can I improve the performance from my HTTP server?

Follow the instructions given in  Red book IBM HTTP Server (powered by Apache): An Integrated Solution for IBM eServer iSeries Servers (PDF, 10.1MB) (Chapter 10)

What do I need to do to use the QNTC file system?

  • Ensure the user ID(s) that are to be used to access QNTC have the same password on the IBM i system and the NT server.
  • Ensure that user IDs have authority to access the shares on the NT server.
  • Make sure the connectivity between IBM i and the NT machine is setup correctly.

Note: The user profile that is authorized to the QNTC sharepoint /QNTC directory, must be the same as the user specified on the ServerUserid directive.

How can I monitor the number of hits to my web site?

Here are a few ways to monitor how many visitors are going to your site.

  • Use the IBM Web Administration for IBM i real-time server statistics to see the number of requests.
  • Download a hit counter to add to your web page. There are many available for free.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
15 March 2020

UID

ibm11171162