Web

The CSL supports a number of department web services:

  • http://www.cs.wisc.edu: Serves department and project web spaces
  • http://pages.cs.wisc.edu:Computer Sciences Department personal web pages. Serves personal web pages and scripts located in each user's ~/public/html directory.
  • Customized web hosting site available on request. Send email to lab@cs.wisc.edu to initiate your request.
  • https://csl.cs.wisc.edu: The CSL's home page and self-service site
  • https://www-auth.cs.wisc.edu: CS Department Authenticated Services - Room reservations, Web Forms and List Archives

Server information

The computer sciences department uses the Apache web server. Apache documentation is available at http://httpd.apache.org/docs.

Scripts

Scripts are allowed on the department webservers. We currently support:

  • CGI/perl
  • PHP
  • Python

Send email to lab@cs.wisc.edu if you have any questions about web site scripts and CSL Web SIte policies.

Using pages.cs.wisc.edu

pages.cs.wisc.edu hosts users' ~/public/html directories where persons affiliated with the department can maintain a web presence. Files residing in that directory will be hosted at http://pages.cs.wisc.edu/~/.

~/public/html is created by default for new users with the proper AFS ACLs.

CGIs on pages.cs.wisc.edu

Scripts can be run from your webpage directory by putting an appropriately named file in ~/public/html/ along with your other webpages. The name of the file determines how the file will be handled by the server.

  • Make sure that the file is executable by all users (ex: rwxr-xr-x).
  • Name the file according to the following:
Extension File Type Additional Info
.cgi CGI Scripts File is run according to the first line in the file (ex: #!/s/std/bin/perl).
.php PHP Script See also: http://www.php.net
.pl Perl Script See also: http://www.perl.org
.py Python Script See also: http://www.python.org

If you want to make it so that only the webserver can view certain web directories instead of the default of all users (system:anyuser), you can change your acls to allow host:www read access and disallow system:anyuser access:

fs setacl ~/public/html/ host:www read system:anyuser none

If your script needs the ability to write to your directory, please request a Web Hosting account. Do not allow system:anyuser or host:www write access anywhere as it presents a security risk!

SSL on pages.cs.wisc.edu

https://pages.cs.wisc.edu is the SSL version of http://pages.cs.wisc.edu. Your personal secure web pages are stored in ~/public/html-s and can be viewed on the web at https://pages.cs.wisc.edu/~username.

Project Websites on research.cs.wisc.edu

In order to get your project's website on research.cs.wisc.edu, please email lab@cs.wisc.edu. We can set up the server to any directory inside your project pages. It may also be best to create a separate webserver for your project. We can discuss both of these options.

SSL is available on research.cs.wisc.edu. By default, each project page directory is available both as http and https. If you need these to be separate directories, please email lab@cs.wisc.edu. If you want to force a page to be loaded as https, please read the SSL help below.

CSL Environment Web Hosting

If you need the webserver to write to files inside your home directory (ex: wiki, blog, feedback form), you need to request your own Web Hosting Site. Please email lab@cs.wisc.edu so that we can initialize your directory, create the DNS address, and load up the webserver. These sites are hosted separately and run as different users to reduce possible security hazards involved with allowing write access to AFS.

Location and ACLs

Your website URL will be based completely on your user name. The website name is http://<username>-www.cs.wisc.edu/. For example:

  • http://bbadger-www.cs.wisc.edu/

The location of the files is very similar to your existing website area. Files need to be placed in ~/public/html-www instead of ~/public/html. The webserver will run all webpages as your Linux user and the AFS user <username>.www.

For example, the minimum ACLs you need on your html-www directory for the webserver to be able to read it are:

% fs la ~bbadger/public/html-www
Access list for /u/b/b/bbadger/public/html-www is
Normal rights:
  system:administrators rlidwka
  bbadger rlidwka
  bbadger.www rl

Note: In order for the webserver to write to a directory, you must add <username>.www write ACLs.

Please also see the AFS Documentation for help regarding AFS ACLs.

General Environment

The CSL Environment Web Hosting is otherwise set up exactly the same as pages.cs.wisc.edu. It has the same modules (including php and perl) with the same default config. You will be able to use .htaccess files and connect to postgresql through kerberos.

Redirecting pages

If you install an .htaccess that redirects all traffic, you must create an exception for /status. All webservers in the department require that http://<hostname>.cs.wisc.edu/status returns necessary monitoring information. If you create a RewriteRule, you must make sure that the following line is present below the RewriteEngine On and above the RewriteRule definition:

RewriteCond %{REQUEST_URI} !^/status

SSL

SSL (https) is also available as a self-signed certificate. The source directory for https://<username>-www.cs.wisc.edu is the same directory as the http site (~/public/html-www). If you want to force users to the https site, you can put the following data into an .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/status
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Website Statistics for pages.cs.wisc.edu and research.cs.wisc.edu

Users can receive weekly statistics outlining how many times their World Wide Web pages were accessed and what other pages on the web contain links to theirs.

To receive a statistics report, a file called .statinfo should be created in your WWW directory.

  • On Linux systems: ~/public/html/.statinfo
  • On Windows systems: U:\public\html\.statinfo

For projects that have their own aliases in the server's configuration files, put the .statinfo files in the directory pointed to by the alias. A .statinfo file will also work in internal directories, such as ~/public/html/test/.statinfo.

The .statinfo file should contain a list of email addresses, one per line, to whom the statistics should be mailed. This is similar to a .forward file, except that the address must be valid email address, not a program or file. The statistics will be set to each person on the list every Friday night, shortly after midnight.

HTML and Apache Help

Using Include in multiple HTML documents

You can use the <--#include="file" --> directive in an HTML file to include HTML contents from another file available on the web server. When using such include directives you must make sure the document containing the #include directive must have one of the following traits for the #include directive to be processed:

  • HTML file must end with a .shtml suffix
  • Linux "execute" bit must be set (using chmod +x)

Note: using ~/username constructs in #include directives is expanded to ~username/public/html in the filesystem, much like URLs are translated (as discussed above).

Protecting Web Pages

Warning: The security offered by these measures is minimal. There is no way to prevent other CS users from exploiting the system and gaining access to your protected web pages.

This section explains how to restrict web page access by passwords or IP addresses. If you want to limit access, you probably want to limit AFS access to these files as well. Please also see the AFS Documentation.

Password Protection

Create a file called .htaccess in the directory you want to secure. You can only secure an entire directory, not individual files. With a text editor, add the following:

   AuthUserFile /path/to/.htpasswd
   AuthGroupFile /path/to/.htgroup
   AuthName "Foobar"
   AuthType Basic
   <Limit GET>
   require valid-user
   </Limit>

Be sure to substitute the correct paths and a more descriptive AuthName. The text following AuthName will be placed in the password prompt box. This .htaccess file will only let people in the .htpasswd file view the web pages - we'll make this file in a moment. If you want to limit the pages to certain people in your .htpasswd file you can specify them in the Limit element:

   <Limit GET>
   require user bbadger
   </Limit>

This will let only bbadger view the web pages, even if the .htpasswd file contains other entries. You can also limit the web pages to groups of people by creating a .htgroup file:

my-users: bbadger otheruser anotherperson

This .htgroup file defines the group my-users to contain bbadger, otheruser, and anotherperson. You then change the Limit element in your .htaccess file:

   <Limit GET>
   require group my-users
   </Limit>

Now you create the .htpasswd file. This file contains all valid usernames and their encrypted passwords. Create it with the htpasswd program:

htpasswd -c </path/to/.htpasswd> bbadger

This will create the .htpasswd file with an entry for bbadger. It will also prompt you for a password. If and when you add additional users omit the -c flag since the .htpasswd file has already been created:

htpasswd </path/to/.htpasswd> otheruser

Restricting by IP Address

Create a .htaccess file in the directory you want to secure. You can only secure an entire directory, not individual files. With a text editor, add the following:

   <Limit GET>
   order deny,allow
   deny from all
   allow from 128.105.0.0/18 128.105.96.0/19 128.105.128.0/17
   </Limit>

This will only allow computers in the Computer Sciences Department to read the web page.

You can also restrict by domain - the following example allows access from anywhere at the UW.

   <Limit GET>
   order deny,allow
   deny from all
   allow from .wisc.edu
   </Limit>

Displaying scripts as static content

If you need to serve files with one of the script extensions above but do not want the web server to display them as dynamic content, you need to create a .htaccess file specifying this preference. This file goes in the directory containing the file in question, and would contain the following for serving .pl files as plain text:

RemoveHandler .pl