Blog - Windows batch files for server-side scripts?

Requirements: Windows 2000 (or something similar, might not work on XP), Apache HTTPD

---

First, let's make our script-processing batch file. Mine is C:\BatchTPD\BatchTPD.bat and it contains these 3 lines:

@echo off
echo Content-Type: text/html
call "%PATH_TRANSLATED%"

The last line passes control over to the file requested by the client, as Apache will tell us through the PATH_TRANSLATED environment variable. Next, let's configure Apache to allow execution of batch files through our script above.

Warning: Do not do the following on a public web server, as it most certainly has some security issues.

I edited Apache's httpd.conf and added the following. This tells Apache to process batch files through C:/batchtpd/batchtpd.bat.
(This part in blue is the path on your server. The part in green is an arbitrary alias defined in Apache.)

ScriptAlias /batchtpd/ "C:/batchtpd/"
AddType application/x-httpd-bat .bat
Action application/x-httpd-bat "/batchtpd/batchtpd.bat"

Restart Apache (net stop apache, net start apache) and that's it! Your web server can now run Windows batch files!

---

But what kind of files? Here are a few examples that can be placed in your web root for instant results.

helloworld.bat - Outputs an HTML page saying "Hello world!" and also the contents of environment variables.

rem *** After headers, output a blank line
echo.
rem *** Body begins here
echo ^<html^>^<body^>Hello world!
echo ^<hr/^>^<p^>Environment variables:^</p^>^<pre^>
set
echo ^</pre^>^</body^>^</html^></pre>

The echo. at the beginning closes the response HTTP headers. It's possible to add HTTP headers by putting echo commands before this line.
All < and >'s must be escaped with ^ (which I think doesn't work at all on XP).

Sample output:

Hello world!

Environment variables:

COMSPEC=C:\xxxxx\system32\cmd.exe
DOCUMENT_ROOT=c:/apache/htdocs
HTTP_ACCEPT=text/html;q=0.9,text/plain;q=0.8,*/*;q=0.5
HTTP_ACCEPT_CHARSET=Shift_JIS,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING=gzip,deflate
HTTP_ACCEPT_LANGUAGE=en,ja;q=0.8en-us;q=0.5,fr-ca;q=0.3
HTTP_CONNECTION=keep-alive
... (etc.)

setcookie.bat - Sets a "batchhello" temporary cookie with the value "Hello world!".

rem *** Output headers
echo Set-Cookie: batchhello=Hello+world!
rem *** After headers, output a blank line
echo.
rem *** Body begins here
echo ^<html^>^<body>
echo Cookie "batchhello" set.
echo ^</body^>^</html^>

Cookies can be set, and the HTTP_COOKIE request header retrieved, but because of string processing limitations in batch files this one cannot be parsed, so it's fair to say that cookies are rather useless in batch file scripts (like all of this).

showcookie.bat - Shows the content of HTTP_COOKIE.

rem *** Output headers
echo Set-Cookie: batchhello=Hello+world!
rem *** After headers, output a blank line
echo.
rem *** Body begins here
echo ^<html^>^<body>
echo HTTP_COOKIE contains: %HTTP_COOKIE%
echo ^</body^>^</html^>

If you have accessed setcookie.bat beforehand, you should see:

HTTP_COOKIE contains: batchhello=Hello+world!

qs.bat - Batch file command glossary, using the query string parameter to determine which definition to show.

rem *** After headers, output a blank line
echo.
rem *** Body begins here
echo ^<html^>^<body^>
echo ^<p^>This page contains short descriptions of some batch file commands. Click each name to view the contents.^</p^>^<dl^>
echo ^<dt^>^<a href="?CALL"^>CALL^</a^>^</dt^>
if "%QUERY_STRING%"=="CALL" echo ^<dd^>Calls one batch program from another without causing the parent batch program to stop.^</dd^>
echo ^<dt^>^<a href="?ECHO"^>ECHO^</a^>^</dt^>
if "%QUERY_STRING%"=="ECHO" echo ^<dd^>Turns the command-echoing feature on or off, or displays a message.^</dd^>
echo ^<dt^>^<a href="?ENDLOCAL"^>ENDLOCAL^</a^>^</dt^>
if "%QUERY_STRING%"=="ENDLOCAL" echo ^<dd^>Ends localization of environment changes in a batch file, restoring environment variables to their values before the matching setlocal command.^</dd^>
echo ^<dt^>^<a href="?FOR"^>FOR^</a^>^</dt^>
if "%QUERY_STRING%"=="FOR" echo ^<dd^>Runs a specified command for each file in a set of files.^</d^>
echo ^<dt^>^<a href="?GOTO"^>GOTO^</a^>^</dt^>
if "%QUERY_STRING%"=="GOTO" echo ^<dd^>Directs to a line in a batch program marked by a label you specify. Makes for aldente spaghetti.^</dd^>
echo ^<dt^>^<a href="?IF"^>IF^</a^>^</dt^>
if "%QUERY_STRING%"=="IF" echo ^<dd^>Performs conditional processing in batch programs.^</dd^>
echo ^<dt^>^<a href="?PAUSE"^>PAUSE^</a^>^</dt^>
if "%QUERY_STRING%"=="PAUSE" echo ^<dd^>Suspends processing of a batch program and displays a message prompting the user to press any key to continue.^</dd^>
echo ^<dt^>^<a href="?REM"^>REM^</a^>^</dt^>
if "%QUERY_STRING%"=="REM" echo ^<dd^>Enables you to include comments (remarks) in a batch file or in your configuration files.^</dd^>
echo ^<dt^>^<a href="?SETLOCAL"^>SETLOCAL^</a^>^</dt^>
if "%QUERY_STRING%"=="SETLOCAL" echo ^<dd^>Allows you to create a environment variable for use within a batch file.^</dd^>
echo ^<dt^>^<a href="?SHIFT"^>SHIFT^</a^>^</dt^>
if "%QUERY_STRING%"=="SHIFT" echo ^<dd^>Changes the position of replaceable parameters in a batch file.^</dd^>
echo ^</dl^>
echo ^<p^>For more information on batch file commands, see the ^<a href="http://labmice.techtarget.com/articles/batchcmds.htm"^>Batch File Command Reference^</a^>.^</p^>
echo ^</body^>^</html^>

That's about as far as I'll go into this. :) You get the idea.

I tried running this on IIS too, but I kept getting a "Execute Access Denied" even though I have set all necessary permissions. Maybe IIS just knows better than executing anything that ends in ".bat"?