WWW


1.  Web Server Aliases

Purpose            Aliases
Research domains   www.eecis.udel.edu www.ece.udel.edu www.cis.udel.edu
Academic domains   www.ecl.udel.edu www.acad.ece.udel.edu

2.  WWW browsers

Firefox is recommended for web browsing. Just run firefox in a command prompt or run terminal on a Unix machine. Firefox does not do email; Thunderbird can be used for that.

The latest version of Mozilla is installed and supported. Just run mozilla in a command prompt or run terminal on a Unix machine. However, development of Mozilla has stopped, and it is suggested that users move to Firefox for web browsing and Thunderbird for email. Mozilla will be dropped from support in the future.

Note: Netscape is outdated and is not supported.

For text based browsing there is lynx. For downloading files the wget command is suggested.


3.  How to make homepages

In order to create a web page on the ECE/CIS machines, you must create a /usb/$USER/public_html directory with world read and execute permissions. Alternatively, if you want to restrict what people can see on the filesystem, use ACLs and give read and execute permission to the httpuser user (see the man page for chmod about changing permissions). The URL for research accounts will be http://www.eecis.udel.edu/~<$USER>. You can also replace eecis with ece or cis; they all point to the same directory.

Access to /usb/$USER/public_html is available over Samba. Please refer to the Samba FAQ (section 2.2.2 for PC, 3.2.2 for Mac) for more information.

For ECL the URL will be http://www.ecl.udel.edu/~<$USER>

For more information on HTML (HyperText Mark-up Language), please refer to HTML Beginner's Guide


4.  CGI server, cgi-bin to make homepages

User cgi scripts are not enabled on the main web servers mentioned above for security reasons. There is a webserver available to run CGI scripts on. It is on a separate, untrusted server to minimize security risks.

On Tuesday, August 15, 2006 the cgi server was upgraded. Part of this upgrade is that ZFS will be utilized to store users' cgi-bin directories. The path for cgi directories will change from /m/cgi/$USER to /cgi/$USER (drop the leading /m, /m/cgi will not work). A file listing with ls or similar should not be done on /cgi. Users should just cd to /cgi/$USER. Each user will have their own filesystem instead of a directory, the quota will be larger and can be viewed using df.

Info:

  • Server Name: cgi.eecis.udel.edu
  • Location to put cgi program: /cgi/$USER/public_html/cgi-bin/.
  • Name of cgi program must end in .cgi, for example program.cgi
  • URL would be http://cgi.eecis.udel.edu/~$USER/cgi-bin/program.cgi
  • perl with CGI.pm, a CGI library, is installed
  • program.cgi will run as $USER, and therefore can write and read anything that $USER can in /cgi/.
  • /cgi/$USER/public_html/cgi-bin/ needs to be readable and executable to httpuser, either mode 755 or with ACLs. However, your scripts do not need to be readable or executable to anyone other than $USER.
  • Access and errors logs are in /cgi/www/logs/.
  • Access to this server is through the filesystems mentioned above. Users do not have access to login to the server.

Note: To have a filesystem made on this server to enable you to create/use CGI scripts, use the Computer Service / Help Request system and request access to the CGI server.

There are security issues that you should be aware of when writing your own scripts. Note that if one of your CGI scripts has a security hole, your account on cgi.eecis can be compromised, so special care should be taken when writing CGIs and when processing any data from them. (This is why CGI scripts are not enabled on the main dept. web servers.)

Additional Info:


5.  Department Web Updates

For those who have permissions to update the department websites, the web files can be accessed from any research Sun machine. Stimpy will work fine.

Website Address      Web Files Location
www.eecis.udel.edu   /usb/eecis-web
www.ece.udel.edu     /usb/ece-web
www.cis.udel.edu     /usb/cis-web

6.  Web access/errors log files

The Web access logs for our web servers can be found under the directory /usb/www/logs. There are directories for each server with access and error files, which are the current active files. Those files are rotated nightly and a -number extension is added to them for one week and compressed using bzip2. They can be uncompressed to standard output using the bcat command. The access logs are also added nightly to the file access_archive, which is rotated monthly and bzip2ed for one year. This is also the location of PHP errors.


7.  Access Control

An htaccess file provides a method to limit directory and file access to authorized users with username/password pairs. First, create a directory that is mode 755 (or at least readable and executable to httpuser using ACLs).

[~/public_html/]> ls -al
drwxr-xr-x 4 user group 512 May 18 11:39 .
drwxr-xr-x 3 user group 512 Mar 3 09:28 ..
drwxr-xr-x 2 user group 512 May 18 11:39 protected

The next step is to create your htaccess password file which will be used for authentication.

htpasswd -c /usb/$USER/public_html/.htpasswd new_username

Where new_username is the username you would like to add to the password file. This username does not have to be, and should not be, the same as your EECIS account username, and the password should not be the same as your EECIS password. The -c option is used to create a new file. Do not include that flag if you are adding new passwords to an existing file. Users can be deleted by using the -D option.

NOTE: The htpasswd file you create will contain ENCRYPTED (hashed) passwords. The default encoding is standard Unix crypt, but MD5 hashes can be used by using the -m option and SHA1 hashes can be used by using the -s option. To avoid sending passwords in the clear over networks, https should always be used instead of http in these situations.
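The three encodings named in the NOTE above differ in strength: traditional crypt uses only the first 8 characters of the password, and the -s format is a single unsalted SHA-1. The following audit script is an added example, not part of the original page; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an htpasswd file by the hash scheme of each entry.

# Map one stored hash to the htpasswd scheme that produced it.
classify_hash() {
    case "$1" in
        '$2y$'*)   echo bcrypt ;;          # htpasswd -B (Apache 2.4)
        '$apr1$'*) echo apr1-md5 ;;        # htpasswd -m
        '{SHA}'*)  echo sha1-unsalted ;;   # htpasswd -s
        *)  # traditional crypt() output is exactly 13 characters
            if [ "${#1}" -eq 13 ]; then echo des-crypt; else echo unknown; fi ;;
    esac
}

# Print "user scheme verdict" for every user:hash line of file $1.
audit_htpasswd() {
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            des-crypt|sha1-unsalted) verdict=WEAK ;;
            unknown)                 verdict=CHECK ;;
            *)                       verdict=ok ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done < "$1"
}

# Count {SHA} values used by more than one user: with no salt, equal
# passwords give equal hashes, so a repeat means a shared password.
shared_sha_hashes() {
    grep -F ':{SHA}' "$1" | cut -d: -f2 | sort | uniq -d | wc -l | tr -d ' '
}

# Constructed sample entries (not real accounts; hashes are placeholders).
sample_htpasswd() {
    cat <<'EOF'
alice:abJnggxhB/yWI
bob:$apr1$constrct$0123456789abcdefghijk.
carol:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
dave:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
EOF
}

tmp=$(mktemp) && sample_htpasswd > "$tmp"
audit_htpasswd "$tmp"
echo "shared unsalted hashes: $(shared_sha_hashes "$tmp")"
rm -f "$tmp"
```

Run it against your own password file with audit_htpasswd /usb/$USER/public_html/.htpasswd; entries reported as WEAK can be replaced by re-adding the user with htpasswd -m.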

After you have created the htpasswd file, the next step would be to create an .htaccess file in the directory you wish to restrict access to.

[~/public_html/]> ls -al protected/
total 10
-rwxr-xr-x 1 user group 125 May 18 11:47 .htaccess

NOTE: The .htaccess file and your htpasswd file MUST be world readable (mode 644), or at least readable by the user httpuser using ACLs, and must exist in the /usb web filesystem so the web server has access to them.

The contents of the .htaccess file (which protects the entire directory) are as follows:

AuthType Basic
AuthName "My Protected Directory"
AuthUserFile /usb/username/public_html/.htpasswd
require valid-user

From above:

  • The AuthType tells the server what protocol is to be used for authentication. At the moment, Basic is the only method available. However, a new method, Digest, is about to be standardized, and once browsers start to implement it, digest authentication will provide more security than basic authentication.
  • The AuthName is what the user will see when accessing this directory.
  • The AuthUserFile contains the username / encrypted password pairs.
  • The require valid-user line only allows users in the chosen password file to even try to authenticate.
  • You should now be able to test the new configuration by accessing that directory with your web browser.

An example of htaccess can be found here.


8.  Advanced Features

You can also require that the user use an encrypted session to access certain files. This is good for sensitive or confidential documents which you would not want to send over the network as cleartext. When used in conjunction with the password file you created above, you can allow secure access to only certain users and certain IP addresses.

To do so, add the following to your .htaccess file (changing it to suit, of course):

<Files secret.txt>
SSLRequireSSL
require user secure
order deny,allow
deny from all
allow from 128.4.
</Files>

In the example above, SSL will be required when accessing the file secret.txt. The required username is 'secure', but any username which is in your htpasswd file can be specified there. Another option is to specify 'require valid-user', which will allow any user in your htpasswd file to authenticate. The 'allow from 128.4.' statement specifies that only users connecting from 128.4.*.* are allowed to access 'secret.txt'. A filemask can also be used in place of a specific file name.
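The .htaccess file in section 7 asks for a Basic password without requiring SSL, and the <Files> block above requires SSL only for secret.txt, so the rest of the directory still accepts the password over plain http. The lint below is an added example, not part of the original page; the function names and finding labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an .htaccess file read from stdin or from file arguments.

# Prints one finding per line; prints nothing when the file passes.
lint_htaccess() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        { d = tolower($1) }                    # directive names are case-insensitive
        d ~ /^<files/   { infiles = 1; next }  # entering a <Files ...> block
        d ~ /^<\/files/ { infiles = 0; next }  # leaving it
        infiles         { next }               # per-file rules do not cover the directory
        d == "authtype" && tolower($2) == "basic" { basic = 1 }
        d == "authuserfile"  { userfile = 1 }
        d == "require"       { req = 1 }
        d == "sslrequiressl" { ssl = 1 }
        END {
            if (basic && !ssl)      print "basic-auth-without-ssl"
            if (basic && !userfile) print "missing-authuserfile"
            if (basic && !req)      print "missing-require"
        }
    ' "$@"
}

# The directory-wide file from section 7, as printed on the page.
page_example() {
    cat <<'EOF'
AuthType Basic
AuthName "My Protected Directory"
AuthUserFile /usb/username/public_html/.htpasswd
require valid-user
EOF
}

# Same file plus a <Files> block as in section 8: only secret.txt needs SSL.
files_only_example() {
    page_example
    cat <<'EOF'
<Files secret.txt>
SSLRequireSSL
require user secure
</Files>
EOF
}

# Corrected form: SSLRequireSSL applied to the whole directory.
hardened_example() { echo "SSLRequireSSL"; page_example; }

for f in page_example files_only_example hardened_example; do
    echo "$f: $($f | lint_htaccess | tr '\n' ' ')"
done
```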

9.  SSL

The primary goal of the SSL Protocol is to provide privacy and reliability between two communicating applications. The SSL protocol provides connection security that has three basic properties:

  • The connection is private. Encryption is used after an initial handshake to define a secret key. Symmetric cryptography is used for data encryption (e.g., DES[DES], RC4[RC4], etc.)
  • The peer's identity can be authenticated using asymmetric, or public key, cryptography (e.g., RSA[RSA], DSS[DSS], etc.).
  • The connection is reliable. Message transport includes a message integrity check using a keyed MAC. Secure hash functions (e.g., SHA, MD5, etc.) are used for MAC computations.

10.  Homepage counter

A graphical, CGI counter is installed on the ECE/CIS system. This counter can take many options. There are too many to go into detail here. The simplest way to use the counter is to use the following code (put it where you want the counter to appear):

<img src="/cgi-bin/Count.cgi?df=file.dat">

file.dat is the name of the datafile that stores the counter information. You must supply a unique filename for each page you want a counter on. Though it isn't required, you should try to incorporate your username into the datafile name to help avoid name conflicts.

e.g.: If your username is jdoe and the HTML file is index.html, use something like this:

<img src="/cgi-bin/Count.cgi?df=jdoe_index_html.dat">

There is a counter parameter (st) that lets you set the initial count. This parameter MUST be given to Count.cgi the first time it is called for a particular datafile.

To set your initial count to 100 use:

<img src="/cgi-bin/Count.cgi?df=file.dat&st=100">

The st option is ignored if the datafile already exists. The "&" is used to separate the options given to the counter.


11.  Searching

You can let people search through your web pages by using a cgi script called htsearch, the front-end component of HT://Dig. Instructions for adding search capability to your web pages are located here.


12.  Generating usage statistics

To construct a web page showing statistics for your web page, use the program Analog, currently installed in /usr/local/analog/ on the ECE/CIS network. This program will analyze the web log and construct an HTML file showing such statistics as the number of hits on each page, the number of failed requests, and the amount of data transferred, all broken down by day, week, or month.

To generate this page, you will need a configuration file. To get the default page output, create a configuration file with the following text:

LOGFILE /usa/www/logs/www.<dept>.udel.edu/access
OUTFILE <output file name>
IMAGEDIR http://www.eecis.udel.edu/images/analog/
FILEINCLUDE /~<username>/*

<dept> is the department where your web page is located: eecis, cis, or ee. You can get accesses to your page(s) from all three depts by listing 3 separate LOGFILE lines in your config file.

The logfile named access for each dept is the current daily log. Previous days are named with a -1 through -7 extension for the past week. A complete monthly archive log, named access_archive, is also maintained for each dept. <output file name> is the name of the HTML file to which you would like the data written. <username> is your username on the ECE/CIS network. Of those lines, the first three should be self-explanatory. The last line indicates that only the statistics for your directory should show up in the output; you will otherwise get statistics for the entire website. You may exclude certain subdirectories or files from the output by adding the line:

FILEEXCLUDE /~<username>/<directory to exclude>/

There are 32 different reports that may appear in your output. You can select any combination of them, by entering into your configuration file the line:

<reportname> ON

or, if you do not wish a report to appear,

<reportname> OFF

<reportname> is a keyword identifying the report you would like to present. You can get a list of valid keywords here. Once you have set up the configuration file, you may invoke analog to generate your output file with the command:

/usr/local/analog/bin/analog +g<config file>

where <config file> is the name of the configuration file you created.


Page last modified on June 19, 2008, at 02:26 PM