Koha is running in CGI mode. This is a security issue!


Koha is running in CGI mode. This is a security issue! Run Koha using Plack for CSRF (cross-site request forgery) protection. More information: koha-plack --help.

This warning message appears in the Koha > About > Server Information section. Here is why the message is shown and how to fix it.

Essentially, your library system is telling you that its engine is outdated and vulnerable to hackers.

The Problem

Koha is currently running on CGI. Think of CGI like an old-fashioned clerk who has to restart their entire computer every time a customer asks a single question. It’s slow, but more importantly, it lacks the security guards needed to verify that a request is legitimate.

Because of this, your system is at risk for CSRF (Cross-Site Request Forgery). This is a trick where a hacker sends a fake link that, if clicked by a librarian, could force the system to delete books or change settings without anyone realising it.

The Solution: Plack

The error message is telling you to switch to Plack. Plack is like a modern, 24/7 security team that stays "awake" and checks every visitor’s ID to make sure they aren't being tricked by a hacker.

How to fix it

You need to switch from CGI to Plack. The commands below enable Plack. Here the library instance name is library.

sudo koha-plack --enable library
sudo a2enmod headers proxy_http
sudo koha-plack --start library
sudo service apache2 restart

The error message will vanish, your staff pages will load much faster, and your data will be much safer from web-based attacks.
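A post-change check for the steps above, as an added example that is not part of Koha or of the original post. It assumes the Debian Apache layout, where a2enmod creates /etc/apache2/mods-enabled/<module>.load, and that the instance's Plack socket lives at /var/run/koha/<instance>/plack.sock; both paths are assumptions and can be overridden.

```sh
#!/bin/sh
# Added example: confirm the Plack prerequisites after running the commands above.
# Assumptions (override through the environment if your layout differs):
MODS_DIR="${MODS_DIR:-/etc/apache2/mods-enabled}"  # where a2enmod links modules
RUN_DIR="${RUN_DIR:-/var/run/koha}"                # assumed Plack socket parent dir

# Print the required Apache modules that have no .load entry in directory $1.
# proxy is listed because proxy_http depends on it.
missing_apache_mods() {
    dir="$1"
    missing=""
    for mod in headers proxy proxy_http; do
        [ -e "$dir/$mod.load" ] || missing="$missing $mod"
    done
    echo "${missing# }"
}

# Succeed only if <run dir $1>/<instance $2>/plack.sock exists and is a socket.
plack_socket_present() {
    [ -S "$1/$2/plack.sock" ]
}

# Run both checks for one instance; returns non-zero if anything is missing.
check_plack() {
    instance="$1"
    status=0
    missing=$(missing_apache_mods "$MODS_DIR")
    if [ -n "$missing" ]; then
        echo "FAIL: Apache modules not enabled: $missing"
        echo "      fix: sudo a2enmod headers proxy_http"
        status=1
    fi
    if ! plack_socket_present "$RUN_DIR" "$instance"; then
        echo "FAIL: no Plack socket for '$instance' under $RUN_DIR"
        echo "      fix: sudo koha-plack --start $instance"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: Plack prerequisites present for '$instance'"
    return "$status"
}

# Usage, after sourcing this file: check_plack library
```

If the check passes but the warning is still shown under About > Server Information, restart Apache again as in the last command above.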
