Tag Archives: Microsoft

What is server hardening? Advice for Linux, Windows & NSA Datamine Servers – Part 3 (Windows)

Windows Home Server screenshot

Well, here we all are (except for my cousin Steve, who had to go to his tuba lesson), taking a final look at server hardening in our final segment of this series. Considering the series as a ham sandwich, we’ve looked at the topic generally (top bread), as well as basic techniques that can be used to improve security on Linux systems (just ham… we’ve run out of vegetables). Today we look at Windows servers (bottom bread, which many sandwich enthusiasts believe is the best part).

Note that some concepts related to server security are of use to anyone interacting with a server; but generally speaking, they are of particular use to those with dedicated and VPS accounts. Both of those types of hosting environments allow you system administrative responsibilities that you cannot access through a shared account. That system access means you can change default settings and implement policies that are otherwise under the auspices of the hosting company.

We’re actually looking at three types of servers. In addition to Windows and Linux, we are also reviewing the NSA Datamine server. That server allows you to quickly and efficiently transfer all of your information into the federal government database so that you can know, once and for all, if you are a threat to the social order. If that’s the case, millions of microscopic, lightly humming insectile nanobots come directly to your location, get into flying carpet formation, and spirit you away to a safe location.

We are reviewing thoughts from three primary sources for this series: “Host Hardening,” by Cybernet Security; “25 Hardening Security Tips for Linux Servers,” by Ravi Saive for TecMint.com; and “Baseline Server Hardening,” by Microsoft’s TechNet. Unfortunately, none of these articles focuses on the NSA server. That information had to come to me in a densely encoded daydream.

How to Harden Your Windows Server

Prior to getting into specifics for server hardening, Microsoft outlines four baseline installation rules – essentially prerequisites for a secure server:

  • The initial installation of the OS and any additional applications all arise from legitimate and credible sources.
  • The server should only be on reliable networks while both installation and hardening are underway.
  • The initial installation contains the most up-to-date service packs and any other security-related system updates.
  • Following completion of base installation, you follow the same procedures on all additional servers.

Again, that careful OS and software implementation lays the groundwork for a server that can be reasonably hardened. Also, if you’re going to eat a popsicle while hardening the server, don’t give bites to it, even if it says it really likes cherry flavor. Servers cannot harden while experiencing brain freeze.

  1. Group Policy Templates – Microsoft covers these templates in a specific section of its recommended guidelines. Though policies for the group can help protect the server in some ways, you also need to change security templates. In other words, these are two different levels to allow hardening that must be combined to be reasonably effective.
  2. Partitions – NTFS should always be used in place of any file allocation table (FAT) partitions. Simply put, NTFS gives you access to security parameters you don’t have with FAT. You can use Convert to change any FAT systems to NTFS. If you do convert, you want to open Fixacls to change the ACLs (access control lists). Otherwise, all users will have access to that portion of the system by default. It’s like a salad bar without a sneeze guard.
  3. Passwords – You can use extremely lengthy passwords in Windows environments, upwards of 100 characters. Go long and strong: combinations of symbols, letters, numbers, and – if you want to get really fancy – ASCII device control characters. Note that the usable ASCII ones will not print and can be created by using “Alt” combined with various digit combinations. Specifically, Microsoft recommends passwords never be eight characters or less and that one of the first seven should be a symbol or ASCII. Finally, differentiate your passwords for each machine.
  4. Renaming – This technique is so basic that it almost seems silly. However, renaming your Administrator account can be incredibly helpful because it’s the general focus for infiltrations. Then create a new account, call that one Administrator, and limit its rights. That new faux-Administrator account can have a lengthy and intricate password. Don’t worry about getting into that account often. It’s just a decoy for anyone trying to get into the system. Apply this method throughout your system, on all individual devices. Also, the real Administrator account should have a different name on every server. If that seems to be going too far for everyday use, at least differentiate the passwords, even if not the names. Similarly, if you have any sons, it’s acceptable to name each of them George Foreman so long as they each have different keys to your heart.
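
The four items above can be turned into a repeatable check. The following Python sketch is an added example, not code from Microsoft or from the original post; the inventory format, the host and account names and the finding codes are all assumptions made for illustration. The only Windows fact it relies on is that the built-in Administrator keeps RID 500 after it is renamed.

```python
"""Check a constructed server inventory against the four hardening items above."""
from collections import defaultdict

BUILTIN_ADMIN_RID = 500  # RID of the built-in Administrator, renamed or not

# Constructed sample data: hosts, volumes and account names are made up.
INVENTORY = [
    {"host": "web01",
     "volumes": {"C:": "NTFS", "D:": "FAT32"},
     "accounts": [
         {"name": "Administrator", "rid": 500, "groups": ["Administrators"]},
     ]},
    {"host": "db01",
     "volumes": {"C:": "NTFS"},
     "accounts": [
         {"name": "ops-kestrel", "rid": 500, "groups": ["Administrators"]},
         {"name": "Administrator", "rid": 1001, "groups": ["Guests"]},
     ]},
    {"host": "db02",
     "volumes": {"C:": "NTFS"},
     "accounts": [
         {"name": "ops-kestrel", "rid": 500, "groups": ["Administrators"]},
     ]},
]


def password_ok(password):
    """The rule quoted above: longer than eight characters, with a symbol or
    non-printing character among the first seven."""
    return len(password) > 8 and any(not c.isalnum() for c in password[:7])


def audit(inventory):
    """Return (host, code, detail) findings for partitions and renaming."""
    findings = []
    hosts_by_admin_name = defaultdict(list)
    for server in inventory:
        host = server["host"]
        # Item 2: FAT volumes carry no ACLs, so every one is a finding.
        for drive, fs in sorted(server["volumes"].items()):
            if fs.upper().startswith("FAT"):
                findings.append((host, "FAT_VOLUME", f"{drive} {fs}"))
        real = next((a for a in server["accounts"]
                     if a["rid"] == BUILTIN_ADMIN_RID), None)
        if real is None:
            continue
        hosts_by_admin_name[real["name"].lower()].append(host)
        # Item 4: the real account must be renamed before a decoy can exist.
        if real["name"].lower() == "administrator":
            findings.append((host, "ADMIN_NOT_RENAMED", real["name"]))
            continue
        decoy = next((a for a in server["accounts"]
                      if a["name"].lower() == "administrator"), None)
        if decoy is None:
            findings.append((host, "NO_DECOY", ""))
        elif "Administrators" in decoy["groups"]:
            findings.append((host, "DECOY_PRIVILEGED", decoy["name"]))
    # Item 4, last part: the real admin name should differ on every server.
    for name, hosts in hosts_by_admin_name.items():
        if name != "administrator" and len(hosts) > 1:
            findings.extend((h, "ADMIN_NAME_REUSED", name) for h in hosts)
    return findings


if __name__ == "__main__":
    for host, code, detail in audit(INVENTORY):
        print(f"{host:6} {code:18} {detail}")
```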

Conclusion & Continuation

That should give you a basic sense of Windows server hardening. Here are additional details if you want to explore the topic further.

In closing out our server hardening trilogy, here is information on our dedicated, VPS, and colocation services.

By Kent Roberts

What is High-Availability? Part 3 – Additional Problem-Solving



High-availability, as I have discussed in the previous installments of this series, is a concept that has changed and grown over time. In the past, high-availability was the condition exhibited by a man in a dive bar in Duluth, Minnesota, systematically handing out his landscaping business card to all the female patrons with the words, “I have a lot to offer, and I hope you’ll give me a chance with your shrubbery.”

In the age of information technology, however, high-availability has become more reputable. In fact, high-availability is desired by all those conducting business online. It’s the nature of a system with very little downtime.

To review, optimizing an infrastructure for uptime is often wrongly considered to be, simply, an effort at preventing failures from occurring. Per Microsoft, it’s difficult and sometimes impossible to predict when failures will occur. High-availability involves a thorough focus on recovery, decreasing the length of any downtime instances. For this same reason, I run training drills so that when someone knocks my books out of my hands, I can pick them up before many of the other doctoral students notice.

To look at high-availability from a number of different perspectives, we’re looking at articles from Microsoft, Oracle, and Linux Virtual Server. Today, we are continuing to explore the Oracle piece, also briefly noting commentary from the Linux Virtual Server site.

While we review the idea of high-availability, let’s grab the keys to my father’s Cadillac, drive it out into the mountains, and make clucking and whirring noises to attract the Abominable Snowman. Then let’s offer him a fully-loaded bacon double-cheeseburger and tell him he’s the only one who understands us.

Availability: High-Availability Problem Solving, Continued

In the last post, we looked at comments by Oracle on various technologies that can be used to optimize availability. Let’s continue to look at additional safeguards that can be implemented so that a system is less likely to experience downtime. For the same reason, safety, we will wear full body armor on our trip and carry a sack of water balloons to throw at our beloved monster if he becomes enraged.

As a general rule of thumb, redundancy is the core component of recovery. When there are multiple instances operating simultaneously (active-active availability technology) and when additional systemic components are on standby to be activated as needed (active-passive availability technology), failure can, in a sense, become irrelevant. The system remains consistent throughout, just like the snoring soundtrack that will be playing on our boomboxes at home while we are on our critical mission.

Additional Local High-Availability Solutions

Let’s look at a few additional problem-solving tools for use on a local system, courtesy of Oracle.

Routing and state replication

Stateful applications should have the ability to include additional instances of client states. This capacity allows the applications to continue to run smoothly if processes fail that are handling client requests – similarly to a request to a Snowman to “calm down.”


Load balancing allows for redundancies of all instances. That way, when a failure of an instance takes place, any requests that would otherwise be sent to that instance are instead forwarded to the other, still-functional instances.

Load balancing

If you have more than one part in a server that is intended for the same purpose, load balancing becomes possible, allowing work to be evenly divided. For that same reason, we will evenly distribute the water balloons.


Migration helps when services only allow one instance. If that instance fails, the service switches over to a different part of the cluster. If necessary, the entire process can switch over to the other cluster location.

High-Availability Integration

Part of what makes redundancy difficult is the integrated nature of a system. One part is reliant on another part. Availability must be integrated as well. This concept means that downtime does not result due to that reliance or dependency. That’s why, when we get to the mountains, it’s every man for himself.

Patches & Rolling

Rolling within a cluster allows patches to be installed and uninstalled without the need for downtime.


In a cluster, configuration needs to be consistent. When configuration is administered properly, requests are handled in the same way regardless of which component is conducting the work. Configurations should also be synchronized, as should our water-balloon defensive maneuvers, and the administration itself should be conducted in a way that optimizes availability.

Clustering & Nodes

As a final note on maintenance of high-availability, let’s take a brief look at the piece from Linux Virtual Server. It underscores the importance of clustering that is similarly advocated in the Oracle article.

Redundancies within a cluster, says the LVS site, allow for redundancy throughout all levels of the system – both hardware and software. The nodes within a cluster can all be running the same operating system and applications. When daemons or nodes fail, if seamless reconfiguration is in place, the additional nodes pick up the slack. We should remember this principle in the mountains, because Terry is coming along, and we all know he’s not great at throwing balloons.

Conclusion & Poem

You can see how extensively the notion of redundancy has been studied and how many technologies have been developed to allow the maximum possible uptime. High-availability, after all, is crucial to allowing businesses to continue to operate, regardless of whether something goes wrong at the level of the server.

Again, bear in mind our 100% uptime guarantee. This guarantee is available to all our shared hosting, dedicated server, and VPS clients.

One final poem in parting… This one, as you can imagine, goes out to the Abominable Snowman, and I personally hope he reads and enjoys it:

Hey you, please don’t eat us

We really think you are good-looking

Your political philosophy is sophisticated and respectable

And I heard you’re a whiz at squirrel cooking.

By Kent Roberts

What is High-Availability? Part 2 – Problem-Solving


2 node High Availability Cluster network diagram (Photo credit: Wikipedia)

High-availability, as we learned in the last installment, has changed conceptually since the days of yesteryear and, for that matter, even near-year. It no longer just refers to the full-access, all-hours, 24/7/365 immediate-response policies of a man looking for love in all the wrong places and some of the right ones. It’s no longer about a man with a well-groomed mustache offering shoulder massages at closing time.

No, in the world of computers, high-availability is a completely different matter. Instead, it deals specifically with the uptime of a network. To properly understand uptime, we must consider that it is not merely about eliminating incidences of failure within a network (because, per Microsoft, failures are by their nature unpredictable). Rather, it is also about high rates of recovery so that the system is not affected for an extended period. With sound recovery methods, data delivery remains consistent. That’s why I carry a slide-rule with me to re-straighten my hair part if someone gives me a noogie.

To bolster our understanding of high-availability in this tripartite miniseries, we are assessing the perspectives of Microsoft, Oracle, and Linux Virtual Server. Today, looking specifically at the Oracle article, we will discuss several problem-solving methods.

While we consider high-availability, let’s put on our Easter bonnets and throw eggs at passing cars, focusing especially on the ones with their windows down. We’ll only be 13 once.

Availability: Quick Review

Oracle defines high-availability as “the ability of users to access a system without loss of service.” Really, that seems like a definition of availability. High-availability means that scenario is occurring almost all of the time. Even in a highly redundant system, there will always be occasional errors and glitches. Regardless, a system in which availability is optimized is highly reliable and does not experience very much downtime. A good example of this, according to the women of Austin, Texas, is my reproductive system.

Downtime can be thought of as scheduled and unscheduled. When it is unscheduled, the downtime is due to some type of systemic failure. When it is scheduled, users can be notified that upgrades or other system administration is being conducted (as with a hosting company and its clients, or with a website posting a notice to visitors). “Scheduled downtime typically occurs late at night, when traffic is light, all right, baby, all right,” crooned Barry Manilow.

High-Availability Problem Solving

Various types of problems can of course occur in a system. Types of common failures include those occurring within processors, nodes, and in various forms of media. Human error can also cause failures, as can monkey and camel error. Availability can be kept at a high level by focusing both on localized problem-solving and on methods of recovery in the event of a natural disaster, such as flooding or datacenter technician stampede.

Different sorts of best practices and technological solutions can help to make high-availability a reality. Redundancy, says Oracle, is the most important parameter to enhance availability: “High availability comes from redundant systems and components.” The same parameter applies to the man with the well-groomed mustache mentioned above, as he repeats the same psychosexual sales pitch over and over again, optimizing his systemic redundancy. Looking at solutions for localized high-availability in terms of redundancy splits potential fixes into active-active and active-passive groups.

  1. Active-active availability mechanisms: These mechanisms allow better scalability along with increased availability. Transmissions are duplicated in real time.
  2. Active-passive availability mechanisms: In this scenario, sometimes called cold failover clusters, one system instance is handling requests and the other one is sitting and pondering, running its finger through its hair, waiting patiently to be called into action. It chews gum and looks sullen. Clustering is used to integrate the two instances, with the clustering agent monitoring the active instance and switching over to the passive one as necessary.

Other Local High-Availability Solutions

Other safeguards should be in place to make sure your availability is as reliable as possible. Here are a few examples; we will proceed with more in the final part of this series:

Automatic restart & process death detection

You don’t want the system to continually restart multiple times in a relatively short window. Restarting can lead to additional failure. Technology should be in place to disallow repetitive, automated restarts. The same principle applies to excessively restarting one’s day. You should never get in and out of bed more than two dozen times before proceeding to breakfast.

Processes can die due to systemic errors. If processes are problematic, you do want a restart to be in place to give the process another chance. Don’t give it 10,000 chances though. Processes are greedy about grabbing all the chances.
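
Here is one way to combine the two ideas above: detect process death, restart, but refuse to restart in a tight loop. This Python sketch is an added example, not taken from the Oracle article or the original post; the class and function names, the default limits and the backoff are assumptions.

```python
"""Restart a dead process, but cap restarts inside a sliding time window."""
import subprocess
import sys
import time
from collections import deque


class RestartBudget:
    """Allow at most max_restarts restarts inside any window_s-second window."""

    def __init__(self, max_restarts=3, window_s=60.0, clock=time.monotonic):
        self.max_restarts = max_restarts
        self.window_s = window_s
        self.clock = clock          # injectable so the policy can be tested
        self._stamps = deque()      # times of the restarts still in the window

    def allow(self):
        now = self.clock()
        # Forget restarts that have aged out of the sliding window.
        while self._stamps and now - self._stamps[0] >= self.window_s:
            self._stamps.popleft()
        if len(self._stamps) >= self.max_restarts:
            return False
        self._stamps.append(now)
        return True


def supervise(argv, budget, backoff_s=0.0, max_backoff_s=30.0):
    """Run argv and restart it on abnormal exit until the budget is spent.

    Returns (starts, last_exit_code, gave_up).
    """
    starts = 0
    delay = backoff_s
    while True:
        starts += 1
        code = subprocess.call(argv)      # blocks until the process dies
        if code == 0:
            return starts, code, False    # clean exit: nothing to recover
        if not budget.allow():
            return starts, code, True     # restart storm: stop and escalate
        time.sleep(delay)                 # give the fault time to clear
        delay = min(delay * 2, max_backoff_s)


if __name__ == "__main__":
    # Constructed demo: a child process that always fails with exit code 3.
    crashing = [sys.executable, "-c", "import sys; sys.exit(3)"]
    result = supervise(crashing, RestartBudget(max_restarts=2, window_s=60))
    print("starts=%d exit=%d gave_up=%s" % result)
```

When `gave_up` is true, the supervisor should raise an alert or fail over rather than keep trying.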


Clustering means that the client computer (PC or other device accessing your system) will consider that part of your system to be one unit. This practice makes processing and administering the system easier. You can have processes clustered together and working on one server or on various servers, with the work divided evenly. It enhances redundancy by spreading out the process. Granola, similarly, is a highly redundant food. It should be eaten at all times when managing a server, even if you aren’t hungry.

Conclusion, Continuation & Poem

Availability and uptime are complex, but there are plenty of solutions out there to make sure that systems are as failsafe as possible. As stated above, I will continue to go over more of the safeguards that can maximize your availability in the final part of this series.

Here’s an eye-opening factoid that you may remember from the last post: we guarantee 100% uptime in our service level agreement (SLA), reimbursing our customers for any exceptions. You like the juice? We’ve got shared hosting, dedicated servers, and VPSs.

Now, finally, on a somber note, I’d like to close with a love poem to a dead process I once knew dearly … Well, maybe it’s not a love poem but a statement of redundancy-related anxiety. Anyway, it’s beautiful:

Process I can’t remember what you were doing

You’ve been dead now for years

Sometimes at night I can’t sleep

Because of my failure fears.

Come back to me, so we can share a club sandwich

While riding a tandem bicycle.

By Kent Roberts

What is High-Availability?


LVS official logo

So what is this new-fangled concept called “high-availability?” Traditionally, high-availability has been experienced by women in nightclubs, when a man has walked up and said to them, “Hey you, I just want you to know that I’m not like these other hard-to-get jokers in here. I’m available 24/7, around-the-clock, to come over to your place and give you a shoulder massage.”

In computer terms, high-availability is different. It refers to how fault-tolerant or resilient a network is, how capable it is of delivering a website accurately every time. If there is an error in one specific location of the software or hardware, that does not affect user experience because the system accounts for the difficulties and resolves them prior to delivery. It is similar to a pizza place that checks to make sure there is no maliciously discarded bellybutton lint among the sausages and peppers before the pie goes out the door.

To better understand how high-availability works, let’s take a look at comments on the subject from Microsoft, Oracle, and Linux Virtual Server in this three-part series. While we study the topic, let’s pay an Olympic-trained athlete to swim in a pool that we’ve installed in a glass box over our heads, because a German study from the early 1970s indicates that it improves knowledge-retention.

Availability & Uptime

Okay, the swimmer is swimming. Thanks for chipping in $32,468. Let’s look at what availability is and how it relates to server uptime.

Availability is a general term that includes system failures, reliability, and recovery when anything does go awry. Availability is often phrased in terms of server uptime, whereas any instances of failure are considered downtime. Failure refers not just to when a system is inaccessible, but also to when it is not functioning correctly. My brain, for instance, has an average daily uptime of 23.8% even though I only sleep 90 minutes a night.

Uptime is basic math, and it can get a little boring to see every hosting company out there promoting their guaranteed 99.99% uptime. These figures, though, are significant. Just take a look at Microsoft’s figures for 99% uptime and 99.99% uptime.

With a 99% uptime guarantee, the website could experience as much as 14.4 minutes of downtime each day and 3.7 days of downtime each year. With a 99.9% uptime guarantee, those figures are cut to 86.4 seconds per day and 8.8 hours per year. Um… I don’t want to distract you, but did we forget to put breathing holes in the glass box? He looks like he’s under duress. The problem is, though, the German findings do not allow for any pauses or disruptions during the learning process, so we have to continue.

A brief note on uptime as it relates to us: It’s funny to think that any amount of “unscheduled downtime” (software updates and other server maintenance) is acceptable. That’s why we guarantee 100% uptime in our service level agreement (SLA) with all our customers (reimbursing for errors) – one reason our customer retention rate is over 90%.

Prediction & Availability

Optimizing for availability of a network is complex. Every aspect of the system, from the applications being used to the way that it is administered to how it’s deployed, has an impact on availability. Microsoft notes that failures will always occur from time to time, and those failures will of course be unexpected. Predicting moments of downtime, then, is virtually impossible. Yeah, let’s… I guess get rid of that glass box. It’s a little depressing.

However, a system will automatically become more reliable as a network develops stronger recovery mechanisms. Microsoft points out, “If your system can recover from failures within 86.4 seconds, then you can have a failure every day and still achieve 99.9 percent availability.” I’ve used this same logic to explain to my wife why it’s acceptable for me to stare at the ceiling and shriek like a wounded and deranged animal for 86 seconds every day when I walk in the door from work.

Effect on Page Loads & Revenue

Availability can be thought of simply as uptime, but it can also be thought of in terms of transactions, such as those on an e-commerce site. The same math really applies to any situation when thought of in terms of pages failing to load or loading incorrectly.

A website with 99.9% availability or uptime that receives 10,000 data requests from visitors each day will experience 10 failures per day and 70 per week. The following is from a table Microsoft provides defining different availability figures as fulfilling the requirements of certain types of systems:

  • Commercial – 99.5%
  • Highly available – 99.9%
  • Fault resilient – 99.99%
  • Fault tolerant – 99.999%
  • Continuous – 100%

Conclusion, Continuation & Poem

Okay, so that gives us a basic starting point for exploring availability. Again, if you like the idea of 100% uptime, that’s our promise – and we put our money where our mouth is in our SLA (and also I put pennies in my mouth sometimes, because I like the way it tastes and can’t think of what else to do with them). Here are our solutions for shared hosting, dedicated servers, and VPSs.

We will move on with this subject in the second part of the series via discussion of the Oracle piece. I’m really sorry about the swimmer. That was a horrible idea on my part. Here is a poem to make you feel better:

Thank you for your time

I think you are very nice

Let’s all go to Tijuana

And eat some beans and rice.

By Kent Roberts

Remote Desktops 101 – Part 1 (Remote Desktop Connection)


Remote Desktop Connection Icon

As we all know, the best way to live life is to sit in one place, silently waiting for something amazing to happen. Plus, sloth is a basic human right. Unfortunately, sometimes we are forced by factors outside our control to go to the dreaded “someplace else.” Among other things, one frustrating result of that movement is that we no longer have direct access to the computer. Luckily, there is a solution.

Remote desktop software allows you to access your computer from anywhere through the Web. This tool is sometimes used for remote tech support, but it can also come in incredibly handy anytime you (unjustly) can’t be in the computer’s same physical location. If you have an old computer this may not be compatible, and if you are going to need something like this a lot with your job or personal life then you are going to need to look at an upgrade. Luckily you can do computer recycling to save from dumping it in a bin as it can be partly refurbished for something else, benefitting others. A win-win!

This two-part series, drawing on information and advice from Geek.com and Lifehacker, will look at how to set up remote desktop capabilities in two different ways:

  • Part 1: Hard way – by changing router and OS settings (actually, not that difficult).
  • Part 2: Easy way – Installing a ready-built solution you can use to accomplish the same task.

Note: Because the hard way involves opening router ports, you will be making the computer less secure. The easy way, then, is chosen by most people because you’re using an application designed for security by professionals.

Also, the hard way is specific to Windows, while many of the “easy ways” are available for Apple as well. Let’s look at each of these options. Then, to celebrate, we will lock ourselves in our rooms and refuse to take any phone calls.

Remote Desktop the Hard Way

As we are reminded by Geek.com, Remote Desktop Connection on Windows is easy to access and employ. Be aware that you are going to be changing some important settings on your computer, so turn off SportsCenter, close the windows and blinds, and do some deep breathing exercises to prepare.

1. Allowing Remote Connections. In the computer you will be accessing, go into the start menu, right-click Computer (right column), and select Properties. In the left sidebar, choose Remote Settings, and within that, Remote Desktop. There you should see two options. Choose the Network Level Authentication one.

Selecting Network Level Authentication (NLA) configures access so that any of your enemies or their henchmen – or, God forbid, their henchmen’s henchmen – will be blocked by the requirement for login credentials. Basically this feature prevents DDoS attacks, in which your computer is forced into an army of computers – a botnet – to assault websites with massive amounts of bogus traffic. If your computer is drafted for service, build it a Liberty Garden and pray.

When you’re accessing the computer remotely using the NLA feature, the PC that you are using for access will have to have Windows 7, Vista, or Windows XP Service Pack 3 installed. Click Apply. If you have administrative control of the computer, the Select Users option is irrelevant.

While you’re at it, disable “Allow Remote Assistance.” Not everyone out there wants to assist you. Sometimes living with your disability is better than accepting assistance, especially in the case of homicidal schizophrenia.

2. Configuring the Router. Finally, go into your router and forward TCP port 3389 to the computer you will be accessing. This step is a little more advanced (though, again, it’s no more complicated than a double-lutz, and each of us is an accomplished figure skater). There’s no general guideline for this because it is router-specific. Geek.com points to PortForward.com to locate the instructions for your router.

While you are working within your router, ensure that it assigns the same local IP every time you remotely access the other device. Otherwise, port forwarding will not function correctly. If you forget to do this and the remote connection doesn’t work, the proper emotional response is to shriek and groan loudly until the men in the white coats take you away (the bakers in the high-end muffin shop where you are following this tutorial while eating scrumptious, overpriced muffins).

3. Testing. Now try it out. Go to your favorite search engine (and if you don’t have one, just Google, “What’s the best search engine?”) and search for, “what is my IP.” Write it down, and put it in a lockbox. Then remove it from the lockbox, and start up a second computer.

On the second computer, go into the start menu, Programs, Accessories, Remote Desktop Connection. Within Options, you will be able to customize your experience interacting with the remote computer, especially connection speed (within Experience) and the Keyboard shortcut selections within Local Resources. Then click into the General section and type in that IP. Connect. Now stare hard at your computer.

Finally, you should be asked for login details. The desktop of the other computer will appear. Go ahead and install the spyware so you can know what you are doing at all times.

Conclusion, Continuation & Postlude

(Please play “Pachelbel’s Canon” as you read these last few comments. The YouTube address can be found in the bulletin.) That covers Remote Desktop Connection. Now let’s move onto an overview of ready-made applications, in the second part of this series.

Good night, and good luck, and need hosting? Here it is.

By Kent Roberts

How to Set Up Python CGI & Care for a Pet Python


English: Python logo Deutsch: Python Logo

Snakes can be scary, and pythons are one of the deadliest. This article should help you stay safe when approaching the Python CGI program in your hosting package. The following information should help you keep Python happy and well-fed so you can use it to your advantage – to understand why Python itself is such a popular language, configure it properly, and avoid any potential frustrations. I will also give you advice on how to properly care for your pet python, in case you are on the wrong website.

For this article, I referenced several resources from around the web, including “Python CGI Programming” from w3resource, “Five Minutes to a Python CGI” from Gnosis Software, “Writing Portable CGI,” and “Python CGI Programming” (same title as above, different article) from tutorialspoint.

Care of your python #1: Always make sure that your python has plenty of water. Contrary to popular belief, pythons do not enjoy coffee, unless it has 2% milk and two spoonfuls of sugar. Pythons do not like to have to ask twice to get their coffee just the way they like it. Also, your python likes to dunk a chocolate biscotti into its coffee.

Python is Awesome

Gnosis Software’s David Mertz, PhD, is a huge fan of Python. Python is free, and it’s sophisticated. According to Mertz, Python “combines a clear language with powerful (but optional) object-oriented semantics.” Python beats Perl, he says, because it is easier to understand and support. What really sets Python apart, in my analysis of Mertz’s thoughts, is its brevity. Brevity is crucial to coding because it greatly increases efficiency – shortening the distance between a concept and its virtual representation.

Care of your python #2: Never let your python go hungry. Yes, it enjoys chocolate biscotti – but you can’t just feed it that all day. It likes vegetables, especially salads featuring artichoke hearts. Spare yourself the misery of handing your python a carefully prepared salad and hearing it hiss, “Where are the hearts?”

CGI – What’s Not to Love? A Couple Things.

CGI can bog down a server. For this reason, it has often been badmouthed. CGI, however, should not be counted out: it’s a fast tool for developers (at the level of the actual construction of the code), and scripts are portable between servers. However, note two downsides and how they can be overcome:

1.)    Difficulty with portability

You should be able to move CGI from one server to another without too much difficulty. However, when you are developing the script, it is wise to pay attention to any requirements you’re making related to configuration.  Take a dynamic approach rather than an absolute one. It’s a similar attitude to the trend toward responsive design: the less you are dependent on one particular environment, the less “tied” you are to that type of server. You don’t want a certain server or OS to have a stranglehold on your network. Dynamic paths will allow your script to be more adaptive: wherever it is, it’s always easy to move.

2.)    Slow train coming down the line

Speed can become a problem with CGI. That’s a fair complaint, but there are simple solutions out there to expedite the processing time. FastCGI is a simple solution to speed things up. You can look for other alternatives as well – there are plenty out there. You can even write your own with the CGIHTTPServer module within Python. Don’t get into the speed-up software unless it’s needed. It does complicate the process, but sometimes it’s desirable. It’s good to know it’s there if you need it.
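The "dynamic paths" advice from point 1, as an added example that is not from the original article or its sources: a Python CGI script that finds its own directory and URL at run time instead of hard-coding them, and refuses file names that would resolve outside its data directory. The data/ folder and the function names are assumptions made for illustration.

```python
import os
from pathlib import Path

# Directory holding this script, discovered at run time rather than hard-coded.
SCRIPT_DIR = Path(__file__).resolve().parent
DATA_DIR = SCRIPT_DIR / "data"  # hypothetical layout: data/ beside the script


def resolve_data_file(name, base=DATA_DIR):
    """Return the path of `name` under `base`, or None if it would escape it."""
    base = Path(base).resolve()
    candidate = (base / name).resolve()
    try:
        # relative_to raises ValueError when candidate lies outside base
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def self_url(environ=os.environ):
    """Build this script's own URL from the CGI variables the server sets."""
    scheme = "https" if environ.get("HTTPS", "").lower() == "on" else "http"
    host = environ.get("SERVER_NAME", "localhost")
    port = environ.get("SERVER_PORT", "80")
    default_port = "443" if scheme == "https" else "80"
    netloc = host if port == default_port else f"{host}:{port}"
    return f"{scheme}://{netloc}{environ.get('SCRIPT_NAME', '')}"


def main():
    # Minimal CGI response: header block, blank line, then the body.
    print("Content-Type: text/plain")
    print()
    print("Script URL:", self_url())
    print("Data directory:", DATA_DIR)


if __name__ == "__main__":
    main()
```

Because nothing in the script names a server-specific path, moving it to another host only requires copying the script and its data/ folder together.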

Care of your python #3: OK, so your python has food and beverages now. You know what it also likes? Shoulder massages. Did you know that pythons have shoulders? Well, that’s just the thing – they don’t. Nonetheless, your python will never be happy unless you locate its shoulders and massage them. Good luck.

Configuration for Python CGI – Apache

Let’s look at basic configuration of Python CGI for a number of different servers. We will start with Apache, which can be configured in a few different ways.

Using ScriptAlias:

ScriptAlias can be used to designate a directory so that Apache knows all of its files are CGI scripts. According to w3resource, your line will look something like this within the httpd.conf file:

ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/

If you want your CGI files within Apache’s default directory, search that file for ScriptAlias and remove the number sign (#) at the beginning of each line to uncomment it.

Creating a different directory:

Using something other than a default directory to run CGI scripts involves the following:

<Directory /path/to/somedir>
Options +ExecCGI
</Directory>

  • “somedir” should specify the directory you want to use.
  • You also want to let the server know what specific file extensions you are referencing with a snippet such as this (which designates .cgi and .pl files):

AddHandler cgi-script .cgi .pl

Specifying a user directory:

The following code will allow you to access CGI from a user’s directory. It tells the server that anything that has a .cgi extension should run as CGI:

<Directory /home/*/public_html>
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>

Utilizing .htaccess:

You can also use the .htaccess file for CGI scripts if you would like. The following snippet will work for that:

Options +ExecCGI

AddHandler cgi-script cgi pl

To let the system know you want all of the files within a directory to run as CGI scripts, use the below:

Options +ExecCGI

SetHandler cgi-script
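An added example (not from the original article or the Apache project): a short Python audit that lists every directive in a configuration that turns on CGI execution. This is worth reviewing because ScriptAlias and SetHandler cgi-script execute every file in scope regardless of extension. The sample configuration, including the /var/www/uploads path, is constructed for illustration.

```python
import re

# Constructed sample: this article's directives gathered into one file.
# The /var/www/uploads path is a made-up example, not from the article.
SAMPLE_CONF = """\
ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/
<Directory /home/*/public_html>
    Options +ExecCGI
    AddHandler cgi-script .cgi
</Directory>
<Directory /var/www/uploads>
    Options +ExecCGI
    SetHandler cgi-script
</Directory>
"""


def audit_cgi(conf_text):
    """Return (line_no, scope, note) for each directive that enables CGI."""
    findings, scope = [], "server"
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.strip().split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        name, args = tokens[0].lower(), tokens[1:]
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', raw.strip(), re.I)
        if opened:
            scope = opened.group(1)  # directives below apply to this path
        elif name == "</directory>":
            scope = "server"
        elif name == "scriptalias" and len(args) == 2:
            findings.append((no, args[1], "every file here runs as CGI"))
        elif name == "sethandler" and args[:1] == ["cgi-script"]:
            findings.append((no, scope, "every file here runs as CGI"))
        elif name == "addhandler" and args[:1] == ["cgi-script"]:
            findings.append((no, scope, "CGI by extension: " + " ".join(args[1:])))
        elif name == "options" and any(a.lstrip("+").lower() == "execcgi" for a in args):
            note = "ExecCGI on"
            if "*" in scope:
                note += " for a wildcard path (per-user directories)"
            findings.append((no, scope, note))
    return findings


if __name__ == "__main__":
    for no, scope, note in audit_cgi(SAMPLE_CONF):
        print(f"line {no}: [{scope}] {note}")
```

Any scope reported as "every file here runs as CGI" should not be writable by the web application or by untrusted users.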

Care of your python #4: One thing pythons don’t often talk about in public is their almost fetishistic obsession with international news, finance, and style. You can’t often find a python who isn’t reading deeply into her newspaper of choice. Frequently, said python will be staring intently at a picture of a model, wondering what she has that the python doesn’t. Moral of the story: Get your python news-media, and get it frequently.

Configuration for Python CGI – Internet Information Services (IIS)

You will need to have a Python interpreter installed on your Windows system in order for the below to work. The following details are specific to Windows 7 but should be similar on other Microsoft systems.

Within the Taskbar, go to Control Panel > Programs > Turn Windows features on or off. Note that there is often a delay at this point. Once the window opens, look for Internet Information Services > Application Development Features > CGI. Check the CGI box, and then click OK. Again, it will take a moment for the installation to complete.

Go to the Start menu, and run “inetmgr.” Within that window, look at the panel on the left. Right-click Default Web Site, and left-click Add Application. Click ‘OK’ and wait till the features are installed. Under Alias, type a name (such as MyPetPython). Under Physical Path, direct the server to wherever it is that Python is located. Click OK.

Return to Default Web Site (left panel). Look for Internet Information Services > Handler Mappings > CGI-exe. Right-click it, and left-click Add Script Map. Type *.py for the request path. Under Executable, give the application’s path. Sample: C:\Python27\Python.exe %s %s. Click OK. Now any Python files can be kept in your MyPetPython folder, accessible by your IIS server.

Care of your python #5: Many people are overprotective of their pythons. They keep the python under lock and key, never allowing it to come out and interact with the larger world. Pythons love playing cards, shopping for accessories and unmentionables, knocking on doors in support of libertarian political efforts, and generally being involved in the big picture. Don’t try to stop a python from giving its part to society and engaging in the larger human/snake effort.

Configuration for Python CGI – Lighttpd

To run CGI on Lighttpd by default, the following code should be used:

$HTTP["url"] =~ "^/cgi-bin/" {
    cgi.assign = ( "" => "" )
}

This snippet is what you should use if you want to run CGI in the directory of a user:

$HTTP["url"] =~ "^(/~[^/]+)?/cgi-bin/" {
    cgi.assign = ( "" => "" )
}

Care of your python #6: Sending a python to extended education or to make its way abroad is difficult for us as guardians. We want the python to stay here with us, help us in our old age, and take over the family business. We want to be near the python as it dotes over its grandchildren and perhaps eats them. We don’t want it to go away to technical school to learn how to make it in the shipping and packing industry or to move to France and become part of an international organic farming and artistic compound. Again, though, don’t be overprotective. You must let the python roam free.

Configuration for Python CGI – nginx (“engine x”)

Nginx, unlike all those servers listed above, will not execute a program such as CGI without an intermediary. Python instead must be run on an nginx machine via uWSGI or FCGI. Here is information on the latter.

Care of your python #7: Your python, bottom line, wants to know at all times that you love it and will never needlessly allow it to suffer. When your python gets out its guitar and starts to play its songs about what’s wrong with society, nod and smile only to let it know that you appreciate the effort. Don’t allow the python to think the music is enjoyable unless it really is. The python needs to learn what its skills are, not just be told it’s great at stuff. Some people aren’t Bob Dylan, and I don’t know of one snake that is.

Summary & Conclusion

Hopefully that gives you a sense of why Python CGI is so widely used. You should be able to configure it on your server, provided you have one of the ones listed above (otherwise, consult the documentation for your particular server). You should also be able to create scripts that are easier to port to another server when needed and speed up the server when it becomes excessively slow. Finally, you should now have a sense of how to properly care for your pet python. Did you know it also eats mice? Not cool, I know. Don’t judge it though. That’s point #8.

by Kent Roberts and Richard Norwood