FastCGI: 30 years old and still the better protocol for reverse proxies

Why This Matters

FastCGI, a 30-year-old protocol, remains a superior alternative to HTTP for reverse proxy communication due to its robustness and security advantages. Its continued relevance highlights the importance of choosing appropriate protocols to enhance web infrastructure security and performance.

Key Takeaways

HTTP reverse proxying is a minefield. Just the other week, a researcher disclosed a desync vulnerability in Discord's media proxy that allowed spying on private attachments. This is not unusual; these vulnerabilities just keep coming.

The problem is the widespread use of HTTP as the protocol between reverse proxies and backends, even though it's unfit for the job. But we don't have to use HTTP here. There's a 30-year-old protocol for proxy-to-backend communication that avoids HTTP's pitfalls. It's called FastCGI, and its specification was released 30 years ago today.

FastCGI is a Wire Protocol, not a Process Model

It's true that some web servers can automatically spawn FastCGI processes to handle requests for files with the .fcgi extension, much like they would for .cgi files. But you don't have to use FastCGI this way - you can also use the FastCGI protocol just like HTTP, with requests sent over a TCP or UNIX socket to a long-running daemon that handles them as if they were HTTP requests.

For example, in Go all you have to do is import the net/http/fcgi standard library package and replace http.Serve with fcgi.Serve:

Go HTTP:

    l, _ := net.Listen("tcp", "127.0.0.1:8080")
    http.Serve(l, handler)

Go FastCGI:

    l, _ := net.Listen("tcp", "127.0.0.1:8080")
    fcgi.Serve(l, handler)

Everything else about your app stays the same - even your handler, which continues to use the standard http.ResponseWriter and http.Request types.
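As an added illustration (not code from the original article), the sketch below plays the proxy's side against a backend started with fcgi.Serve: every record announces its own content and padding length in an 8-byte header, and the request line arrives as name-value parameters. The helper names record, pair and roundTrip are invented for this example; the record layout and type numbers are taken from the FastCGI specification, not from the page.

```go
package main

import (
	"io"
	"net"
	"net/http"
	"net/http/fcgi"
)

// record frames content for request ID 1: version, type, ID, content length, padding, reserved.
func record(typ byte, content string) []byte {
	return append([]byte{1, typ, 0, 1, byte(len(content) >> 8), byte(len(content)), 0, 0}, content...)
}

// pair encodes one name-value pair in the short form (both lengths below 128).
func pair(name, value string) string {
	return string([]byte{byte(len(name)), byte(len(value))}) + name + value
}

// roundTrip serves h with fcgi.Serve, sends one GET for uri, and returns the STDOUT stream.
func roundTrip(h http.Handler, uri string) (out string, err error) {
	l, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return
	}
	defer l.Close()
	go fcgi.Serve(l, h) // the same handler type http.Serve takes
	c, err := net.Dial("tcp", l.Addr().String())
	if err != nil {
		return
	}
	defer c.Close()
	c.Write(record(1, "\x00\x01\x00\x00\x00\x00\x00\x00")) // BEGIN_REQUEST: role 1 = responder
	c.Write(record(4, pair("REQUEST_METHOD", "GET")+pair("SERVER_PROTOCOL", "HTTP/1.1")+pair("REQUEST_URI", uri)))
	c.Write(append(record(4, ""), record(5, "")...)) // empty PARAMS and STDIN end both streams
	for hdr := make([]byte, 8); hdr[1] != 3; { // 3 = END_REQUEST
		if _, err = io.ReadFull(c, hdr); err != nil {
			return
		}
		n := int(hdr[4])<<8 | int(hdr[5])
		body := make([]byte, n+int(hdr[6])) // content plus padding, both sized by the header
		if _, err = io.ReadFull(c, body); err != nil {
			return
		}
		if hdr[1] == 6 { // 6 = STDOUT: "Status:" line, headers, blank line, body
			out += string(body[:n])
		}
	}
	return
}
```

Calling roundTrip with any ordinary http.Handler returns the CGI-style response, starting with a "Status:" line, that the proxy would translate back into HTTP for the client.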

Popular proxies like Apache, Caddy, nginx, and HAProxy support FastCGI backends, and the configuration is simple:

nginx HTTP:

    proxy_pass http://localhost:8080;

nginx FastCGI:

    fastcgi_pass localhost:8080;
    include fastcgi_params;

Apache HTTP:

    ProxyPass / http://localhost:8080/

Apache FastCGI:

    ProxyPass / fcgi://localhost:8080/

Caddy HTTP:

    reverse_proxy localhost:8080 {
        transport http {
        }
    }

Caddy FastCGI:

    reverse_proxy localhost:8080 {
        transport fastcgi {
        }
    }

HAProxy HTTP:

    backend app_backend
        server s1 localhost:8080

HAProxy FastCGI:

    fcgi-app fcgi_app
        docroot /

    backend app_backend
        use-fcgi-app fcgi_app
        server s1 localhost:8080 proto fcgi
