Simple Common Gateway Interface

Last updated

The Simple Common Gateway Interface (SCGI) is a protocol for applications to interface with HTTP servers, as an alternative to the CGI protocol. It is similar to FastCGI but is designed to be easier to parse. Unlike CGI, it permits a long-running service process to continue serving requests, thus avoiding delays in responding to requests due to setup overhead (such as connecting to a database).

Contents

SCGI is a protocol which defines communication between a web server and an application server. This is in contrast to CGI, which is an earlier application (gateway) interface designed to let the application programmer avoid the complexity of sockets and long-running service processes when poor scalability and high overhead are acceptable.

The SCGI protocol leverages the fact that the web server has already parsed and validated the HTTP request, and canonically communicates the request to the SCGI server while letting the application programmer avoid parsing ambiguities and protocol edge cases. This avoids the complicated header-parsing and header-combining rules from RFC 2616, saving significant complexity in the SCGI server process.

History

Neil Schemenauer published the original SCGI protocol specification dated October 2001. [1] He developed the first implementations of SCGI and initially published them in April 2002. [2]

Specification

The client connects to a SCGI server over a reliable stream protocol allowing transmission of 8-bit bytes. The client begins by sending a request. When the SCGI server sees the end of the request it sends back a response and closes the connection. The format of the response is not specifically specified by this protocol, although CGI-equivalent HTTP responses are generally used. [note 1]

Request format

A SCGI request is the concatenation of netstring-encoded headers and a body. A SCGI response is a normal HTTP response.

Each header consists of a name–value pair, where both the name and the value are null-terminated strings (C strings). The value can be an empty string, in which case the terminating null still remains. Neither name nor value can contain any embedded null bytes. These considerations are standard for C strings, but are often confusing for programmers used to other standards for string-handling.

All provided headers are concatenated to form a single byte sequence, then netstring-encoded. The raw body, if any, is then appended.

Duplicate names are not allowed in the request headers; RFC 2616-compliant header combining [note 2] must already have taken place. The first request header must have the name "CONTENT_LENGTH" and a value that is the length of the body in decimal. The "CONTENT_LENGTH" request header must always be present, even if its value is "0". There must also always be a request header with the name "SCGI" and a value of "1". Standard CGI environment variables should be provided in SCGI headers for compatibility when converting older CGI programs to SCGI. The body (if any) provided in the request follows the headers; its length is specified by the "CONTENT_LENGTH" request header.

While the SCGI protocol insulates the service programmer from some HTTP considerations, various details (such as interpreting the octets of the message body as per the Transfer-Encoding header, the CONTENT_LENGTH being the number of octets after the body has been encoded for transmission, etc.) still require knowledge of the HTTP protocol specification.

Example

The web server (a SCGI client) opens a connection and sends the concatenation of the following strings to the service process (a SCGI server):

       "70:"            "CONTENT_LENGTH" <00> "27" <00>            "SCGI" <00> "1" <00>            "REQUEST_METHOD" <00> "POST" <00>            "REQUEST_URI" <00> "/deepthought" <00>        ","        "What is the answer to life?"

The SCGI server sends the following response back to the web server:

       "Status: 200 OK" <0d 0a>        "Content-Type: text/plain" <0d 0a>        "" <0d 0a>        "42"

The SCGI server closes the connection.

Web servers that implement SCGI

(this list is not complete)

Language bindings for the SCGI API

SCGI can be implemented in any language that supports network sockets and netstrings. The following is a partial list of languages with known SCGI bindings:

See also

Application/Gateway protocols:

Application hosts (language-specific):

Notes

1. ^ The specification document was placed in the public domain by Neil Schemenauer on 12 January 2006.
2. ^ For HTTP header combining, see RFC2616 section 4.2.

Related Research Articles

In computing, Common Gateway Interface (CGI) is an interface specification that enables web servers to execute an external program to process HTTP or HTTPS user requests.

<span class="mw-page-title-main">HTTP</span> Application protocol for distributed, collaborative, hypermedia information systems

The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.

Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs. Message bodies may consist of multiple parts, and header information may be specified in non-ASCII character sets. Email messages with MIME formatting are typically transmitted with standard protocols, such as the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP).

Short Message Peer-to-Peer (SMPP) in the telecommunications industry is an open, industry standard protocol designed to provide a flexible data communication interface for the transfer of short message data between External Short Messaging Entities (ESMEs), Routing Entities (REs) and SMSC.

<span class="mw-page-title-main">Web server</span> Computer software that distributes web pages

A web server is computer software and underlying hardware that accepts requests via HTTP or its secure variant HTTPS. A user agent, commonly a web browser or web crawler, initiates communication by making a request for a web page or other resource using HTTP, and the server responds with the content of that resource or an error message. A web server can also accept and store resources sent from the user agent if configured to do so.

OBEX is a communication protocol that facilitates the exchange of binary objects between devices. It is maintained by the Infrared Data Association but has also been adopted by the Bluetooth Special Interest Group and the SyncML wing of the Open Mobile Alliance (OMA). One of OBEX's earliest popular applications was in the Palm III. This PDA and its many successors use OBEX to exchange business cards, data, even applications.

SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded. A SOCKS server accepts incoming client connection on TCP port 1080, as defined in RFC 1928.

In computer programming, a magic number is any of the following:

Modbus or MODBUS is a client/server data communications protocol in the application layer. It was originally published by Modicon in 1979 for use with its programmable logic controllers (PLCs). Modbus has become a de facto standard communication protocol for communication between industrial electronic devices in a wide range of buses and network.

A query string is a part of a uniform resource locator (URL) that assigns values to specified parameters. A query string commonly includes fields added to a base URL by a Web browser or other client application, for example as part of an HTML document, choosing the appearance of a page, or jumping to positions in multimedia content.

The Web Server Gateway Interface is a simple calling convention for web servers to forward requests to web applications or frameworks written in the Python programming language. The current version of WSGI, version 1.0.1, is specified in Python Enhancement Proposal (PEP) 3333.

Real-Time Messaging Protocol (RTMP) is a communication protocol for streaming audio, video, and data over the Internet. Originally developed as a proprietary protocol by Macromedia for streaming between Flash Player and the Flash Communication Server, Adobe has released an incomplete version of the specification of the protocol for public use.

In computer programming, a netstring is a formatting method for byte strings that uses a declarative notation to indicate the size of the string.

<span class="mw-page-title-main">Rack (web server interface)</span> API specification for web applications in programming language Ruby

Rack is a modular interface between web servers and web applications developed in the Ruby programming language. With Rack, application programming interfaces (APIs) for web frameworks and middleware are wrapped into a single method call handling HTTP requests and responses.

<span class="mw-page-title-main">WebSocket</span> Computer network protocol

WebSocket is a computer communications protocol, providing simultaneous two-way communication channels over a single Transmission Control Protocol (TCP) connection. The WebSocket protocol was standardized by the IETF as RFC 6455 in 2011. The current specification allowing web applications to use this protocol is known as WebSockets. It is a living standard maintained by the WHATWG and a successor to The WebSocket API from the W3C.

<span class="mw-page-title-main">Plack (software)</span>

Plack is a Perl web application programming framework inspired by Rack for Ruby and WSGI for Python, and it is the project behind the PSGI specification used by other frameworks such as Catalyst and Dancer. Plack allows for testing of Perl web applications without a live web server.

FastCGI is a binary protocol for interfacing interactive programs with a web server. It is a variation on the earlier Common Gateway Interface (CGI). FastCGI's main aim is to reduce the overhead related to interfacing between web server and CGI programs, allowing a server to handle more web page requests per unit of time.

Constrained Application Protocol (CoAP) is a specialized UDP-based Internet application protocol for constrained devices, as defined in RFC 7252. It enables those constrained devices called "nodes" to communicate with the wider Internet using similar protocols. CoAP is designed for use between devices on the same constrained network, between devices and general nodes on the Internet, and between devices on different constrained networks both joined by an internet. CoAP is also being used via other mechanisms, such as SMS on mobile communication networks.

<span class="mw-page-title-main">Yesod (web framework)</span>

Yesod is a web framework based on the programming language Haskell for productive development of type-safe, representational state transfer (REST) model based, high performance web applications, developed by Michael Snoyman, et al. It is free and open-source software released under an MIT License.

<span class="mw-page-title-main">HTTP request smuggling</span> Web security vulnerability

HTTP request smuggling (HRS) is a security exploit on the HTTP protocol that takes advantage of an inconsistency between the interpretation of Content-Length and Transfer-Encoding headers between HTTP server implementations in an HTTP proxy server chain. It was first documented in 2005 by Linhart et al.

References

  1. Schemenauer, Neil (October 30, 2001). "SCGI: A Simple Common Gateway Interface alternative". Archived from the original on 2002-04-03.
  2. "scgi-0.1.tar.gz". Index of /software/files/scgi. MNX: MEMS and Nanotechnology Exchange. April 12, 2002. Archived from the original on 2002-10-20.
  3. "Althttpd: The Althttpd Webserver". sqlite.org. Retrieved 19 May 2023.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.