CGI How To

Table of Contents


The CGI (Common Gateway Interface) defines a way for a web server to interact with external content-generating programs, which are often referred to as CGI programs or CGI scripts.

Within Tomcat, CGI support can be added when you are using Tomcat as your HTTP server and require CGI support. Typically this is done during development when you don't want to run a web server like Apache httpd. Tomcat's CGI support is largely compatible with Apache httpd's, but there are some limitations (e.g., only one cgi-bin directory).

CGI support is implemented using the servlet class org.apache.catalina.servlets.CGIServlet. Traditionally, this servlet is mapped to the URL pattern "/cgi-bin/*".

By default CGI support is disabled in Tomcat.


CAUTION - CGI scripts are used to execute programs external to the Tomcat JVM. If you are using the Java SecurityManager this will bypass your security policy configuration in catalina.policy.

To enable CGI support:

  1. There are commented-out sample servlet and servlet-mapping elements for CGI servlet in the default $CATALINA_BASE/conf/web.xml file. To enable CGI support in your web application, copy that servlet and servlet-mapping declarations into WEB-INF/web.xml file of your web application.

    Uncommenting the servlet and servlet-mapping in $CATALINA_BASE/conf/web.xml file enables CGI for all installed web applications at once.

  2. Set privileged="true" on the Context element for your web application.

    Only Contexts which are marked as privileged are allowed to use the CGI servlet. Note that modifying the global $CATALINA_BASE/conf/context.xml file affects all web applications. See Context documentation for details.


There are several servlet init parameters which can be used to configure the behaviour of the CGI servlet.

  • cgiPathPrefix - The CGI search path will start at the web application root directory + File.separator + this prefix. By default there is no value, which results in the web application root directory being used as the search path. The recommended value is WEB-INF/cgi
  • debug - Debugging detail level for messages logged by this servlet. Useful values range from 0 to 5 where 0 means no logging and 5 means maximum logging. Values of 10 or more mean maximum logging plus debug info added to the HTTP response. If an error occurs and debug is 10 or more the standard error page mechanism will be disabled and a response body with debug information will be produced. The debug page is not considered secure and should not be enabled for production systems. Note that any value of 10 or more has the same effect as a value of 10. Default is 0.
  • executable - The of the executable to be used to run the script. You may explicitly set this parameter to be an empty string if your script is itself executable (e.g. an exe file). Default is perl.
  • executable-arg-1, executable-arg-2, and so on - additional arguments for the executable. These precede the CGI script name. By default there are no additional arguments.
  • envHttpHeaders - A regular expression used to select the HTTP headers passed to the CGI process as environment variables. Note that headers are converted to upper case before matching and that the entire header name must match the pattern. Default is ACCEPT[-0-9A-Z]*|CACHE-CONTROL|COOKIE|HOST|IF-[-0-9A-Z]*|REFERER|USER-AGENT
  • parameterEncoding - Name of the parameter encoding to be used with the CGI servlet. Default is System.getProperty("file.encoding","UTF-8"). That is the system default encoding, or UTF-8 if that system property is not available.
  • passShellEnvironment - Should the shell environment variables from Tomcat process (if any) be passed to the CGI script? Default is false.
  • stderrTimeout - The time (in milliseconds) to wait for the reading of stderr to complete before terminating the CGI process. Default is 2000.


Notice: This comments section collects your suggestions on improving documentation for Apache Tomcat.

If you have trouble and need help, read Find Help page and ask your question on the tomcat-users mailing list. Do not ask such questions here. This is not a Q&A section.

The Apache Comments System is explained here. Comments may be removed by our moderators if they are either implemented or considered invalid/off-topic.