TPR5: Custom Configurations: Unlock the Power of Apache
Steven Lewis, Web Manager, SUNY Brockport

Presentation transcript:

1 TPR5: Custom Configurations: Unlock the Power of Apache
Steven Lewis, Web Manager, SUNY Brockport

2 Problem #1: Migrate from IIS to Apache without Losing ASP
- Inherited IIS from previous Webmaster
- Crashes, Viruses
- Unfamiliar
- Challenge: Case Awareness v. Case Sensitivity
- Major Obstacle: Installed Base of ASP Apps

3 Solution:
- Build new Solaris/Apache server
- Keep identical URLs
- Same account/FTP access method
- Keep NT server until ASP apps are moved (renamed to nt.web.brockport.edu)
- Proxy ASP requests to existing IIS server
- Time to migrate ASP apps to new infrastructure
- mod_speling [sic]

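4 Code: httpd.conf:

    # Proxy every .asp request (any letter case) to the old IIS server.
    # The [P] flag hands the request to mod_proxy.
    RewriteRule ^(.*\.[Aa][Ss][Pp])$ http://nt.web.brockport.edu$1 [P]

    # mod_speling: correct case and spelling mismatches in requested URLs.
    CheckSpelling On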

5 Notes on Security
- IIS machine can deny all requests not coming from new Web server
  - Limits attack vectors to .asp requests
- Reduced machine load; Improves stability
(Please note: author does not recommend running IIS under any circumstances, and assumes no responsibility for any consequences of your software decisions.)

6 Problem #2: Security for Administrative Functions or Internal Information over the Web
- https is set up as a mirror of http
- Certain tasks or information demand extra security
  - Passwords, Home Addresses, etc.
- No robust institution-wide internal document repository
- Need to restrict certain folders to https-only

7 Solution:
- Develop standard naming convention for Web app administrative functions
  - …/admin/…
- Place internal information and documents within one folder
  - /internal/…
- Add password restrictions to limit access

8 Code: httpd.conf:

    # admin only
    RewriteCond %{SERVER_PORT} ^80$
    RewriteRule ^(.*/admin/.*)$ https://www.brockport.edu$1 [R]

    # admin and internal
    RewriteCond %{SERVER_PORT} ^80$
    RewriteRule ^((.*/admin/.*)|(/internal.*))$ https://www.brockport.edu$1 [R]

9 Problem 3: Too Many Passwords, No LDAP
- Using old e-mail system, no LDAP in place
- Need a source of passwords people will remember
- Debugging scenarios/special cases (e.g. Emeriti)

10 Solution:
- Mod_auth_external: run an arbitrary program to do authentication
- Write a Perl script to make a POP connection to server
- Write a program to do any check conceivable
- Works with any Web page – httpd authentication

11 Code: httpd.conf:

    AddExternalAuth brockport-pop /web/auth/po-pop
    SetExternalAuthMethod brockport-pop pipe

12 More Code: .htaccess:

    AuthType Basic
    AuthName "SUNY Brockport NetID Login"
    AuthExternal brockport-pop
    # do authorization in-program/any user OK
    Require valid-user
    # limit to these two users only
    # Require user slewis jdoe

13 Still More Code:

    #!/usr/local/bin/perl
    use strict;
    use IO::Socket;

    # Grab username and password as passed by STDIN
    my $USER = <>;
    my $PASSWORD = <>;
    chomp $USER;
    chomp $PASSWORD;

    ## network connection
    ## or database query
    ## or anything else...

    # The exit status is the answer to mod_auth_external: 0 accepts the
    # login, anything else rejects it. Deny unless a check above exited 0.
    exit 1;
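
An added example, not part of the original slides: a complete pipe-method authenticator, written in Python rather than the deck's Perl since mod_auth_external will run any program. The host name pop.example.edu and the NetID pattern are placeholders assumed for illustration; the script uses POP3 over TLS with certificate verification and denies on malformed input or any backend error.

```python
#!/usr/bin/env python3
# Added example: pipe-method authenticator for mod_auth_external.
import poplib
import re
import ssl
import sys

POP_HOST = "pop.example.edu"  # placeholder; the slides do not name the mail server
NETID_RE = re.compile(r"[a-z][a-z0-9._-]{0,31}")  # assumed NetID syntax


def pop_login(user, password):
    """Return True if the POP3-over-TLS server accepts the credentials."""
    ctx = ssl.create_default_context()  # verify the server certificate and name
    conn = poplib.POP3_SSL(POP_HOST, timeout=10, context=ctx)
    try:
        conn.user(user)
        conn.pass_(password)
        return True
    except poplib.error_proto:  # server answered -ERR: wrong credentials
        return False
    finally:
        conn.close()


def authenticate(user, password, check=pop_login):
    """Fail closed: malformed input or any backend error is a denial."""
    if not NETID_RE.fullmatch(user):
        return False  # keeps CR/LF and spaces out of the POP USER command
    if not password or "\r" in password or "\n" in password:
        return False
    try:
        return bool(check(user, password))
    except Exception:  # server down, TLS failure, timeout
        return False


def main(stdin=sys.stdin, check=pop_login):
    """Read username and password, one per line; return the exit status."""
    user = stdin.readline().rstrip("\n")
    password = stdin.readline().rstrip("\n")
    return 0 if authenticate(user, password, check) else 1  # 0 = accepted


if __name__ == "__main__":
    sys.exit(main())
```

The `check` parameter exists so the decision logic can be exercised without a mail server.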

14 Problem 4: Preview/Test New SSI Templates Before Rollout
- No Content Management System
- Use SSI templates for common code
- Need to test/debug template upgrade for 10,000s of pages
- Make changes to smooth transition

15 Solution:
- Open new server port for test (e.g. 8080)
- Use same configuration, files as site
- Change only template folder with SSI data, so http://www.brockport.edu:80/templates/ and http://www.brockport.edu:8080/templates/ are the only differences.

16 Code: httpd.conf:

    #...
    Alias /templates/ /web/live/wwwroot/templates2/

17 Lots of Problems
- Problem 5: Bad Links to First Web Server
- Problem 6: CGI Web Page Counter Upgrade
- Problem 7: Web Reports’ HTML Code Like SSI – Produces Errors
- Problem 8: No Copyright Notice in Pages
- Problem 9: Adding CSS for SSI Template Upgrade

18 Common Solution: Dynamic Recoding of Pages
- Requires: Perl, mod_perl, Apache::Filter Perl module

19 Solution Code to Problem 5:

    # change server references in HTML to www only:
    s{http://cc\.brockport\.edu}
     {http://www.brockport.edu}ig;
    s{http://zathras\.web\.brockport\.edu}
     {http://www.brockport.edu}ig;

20 Solution Code to Problem 6:

    # change counter programs
    # (\? matches the literal "?" that starts the old counter's query string)
    while ( m|/counter/counts40\.exe\?([^"]+)"|i ) {
        # parameters of new counter
        my ($STYLE, $LINK, $PARAM) = ("A", "sample.dat", $1);
        my $URL = '/cgi-bin/counter/counter.cgi';
        if ( $PARAM =~ m!style=([^"'|&]*)!i ) { $STYLE = $1; }
        if ( $PARAM =~ m!link=([^"'|&]*)!i )  { $LINK = $1; }
        s{/counter/counts40\.exe\?([^"]+)"}
         {$URL?ft=0&pad=N&df=$LINK&dd=$STYLE"}i;
    }

21 Solution Code to Problem 7:

    # certain HTML comments looked like SSI -- delete
    if ( $ENV{ 'REQUEST_URI' } =~ m|^/its/web/reports/(\D+/)?\d+/| ) {
        s| ||;
    }

22 Solution Code to Problem 8:

    # after loop through file content:
    # print copyright notice in HTML comment
    print " \n";

23 Solution Code to Problem 9:

    my $cssdone = 0;
    # allow bypass mechanism
    if ( exists $ENV{SBT_VERSION} and $ENV{SBT_VERSION} == 2 ) {
        $cssdone = 1;
    }
    my $REPLACE = qq| <link href="/templates/css/print.css" rel="stylesheet" type="text/css" media="print" /> |;

24 Problem 9 cont:

    while ( ) {
        if ( $cssdone ) {
            #s|(href="?http://www\.brockport\.edu)/|$1:8080/|igs;
            print;
        } elsif ( m|/templates/css/| ) {
            # page already links a template stylesheet
            $cssdone = 1;
            print;
        } else {
            if ( s| |$REPLACE|i ) { $cssdone = 1; }
            print;
        }
    }

25 Problem 10: Activate PHP… but not for Everyone
- PHP is a server-wide technology
  - You either have it or not
- PHP is a programming language
  - Security risk by definition
- Installation without safeguards can expose server to problems
- Desire to use same server (ASP solution not viable)

26 Solution #1: Hard-code directories in httpd.conf
- Constant changes, increases in PHP use
- Server resets to take effect

27 Solution #2: Use an environment variable in .htaccess files
- Directory-level control of .htaccess
  - no better than wide open
- Did not resolve in time to work

28 Solution #3: Create a controlled file-system “hack” to enable PHP
- Careful use of a specialized directory prevents bypassing
- Configurable on-the-fly
  - Server stays online
- Invisible to the public

29 Requirements and Code:
- Requires: mod_rewrite, mod_php, UNIX/LINUX file system

    RewriteRule ^(.*\.php)$ /php-bin$1 [PT]

30 How does it work?
- User requests /admissions/openhouse/register.php
- Will work if:
  - /php-bin/admissions/openhouse/register.php is the real PHP file
  - /php-bin/admissions/openhouse/register.php is a symbolic link to the PHP file
  - /php-bin/admissions/openhouse/ is a symbolic link to /admissions/openhouse *
  - /php-bin/admissions/ is a symbolic link to /admissions/ *
- User requesting /php-bin/* will not work unless you want it to. It redirects internally to /php-bin/php-bin/
* = presumes PHP file resides as “advertised”
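
An added example, not from the original slides: a Python model of the mapping described above, plus an audit that lists every symbolic link under php-bin and flags any whose target resolves outside the document root. It assumes php-bin sits directly under the document root and that Apache may follow symlinks there; the function names and the sample tree are constructed for illustration.

```python
# Added example: model of "RewriteRule ^(.*\.php)$ /php-bin$1 [PT]" plus an audit.
import os
import tempfile


def php_target(docroot, request_path):
    """Return the real file a .php request would execute, or None."""
    if not request_path.endswith(".php"):
        return None
    shadow = os.path.join(docroot, "php-bin", request_path.lstrip("/"))
    real = os.path.realpath(shadow)  # follows file and directory symlinks
    return real if os.path.isfile(real) else None


def audit_php_bin(docroot):
    """List symlinks under php-bin as (url_prefix, real_target, inside_docroot)."""
    root = os.path.realpath(docroot)
    base = os.path.join(root, "php-bin")
    found = []
    for dirpath, dirnames, filenames in os.walk(base):  # links are not followed
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                target = os.path.realpath(path)
                inside = os.path.commonpath([root, target]) == root
                found.append(("/" + os.path.relpath(path, base), target, inside))
    return sorted(found)


def build_demo(docroot):
    """Constructed sample tree: only /admissions is linked into php-bin."""
    for d in ("admissions/openhouse", "news", "php-bin"):
        os.makedirs(os.path.join(docroot, d))
    for f in ("admissions/openhouse/register.php", "news/index.php"):
        open(os.path.join(docroot, f), "w").close()
    os.symlink(os.path.join(docroot, "admissions"),
               os.path.join(docroot, "php-bin", "admissions"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo(tmp)
        for url in ("/admissions/openhouse/register.php", "/news/index.php",
                    "/php-bin/admissions/openhouse/register.php"):
            print(url, "->", php_target(tmp, url))
        for finding in audit_php_bin(tmp):
            print("link", finding)
```

A link flagged with `inside_docroot` false means PHP would execute files from outside the published tree, which is the case worth reviewing first.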

31 Where to get software discussed:
- Apache Web Server: http://httpd.apache.org/download.cgi
- PHP: http://www.php.net/downloads.php
- Mod_ssl: http://www.modssl.org/
- Mod_auth_external: http://www.unixpapa.com/mod_auth_external.html
- Perl: http://www.perl.com/download.csp
- Mod_perl: http://perl.apache.org/download/index.html
- Apache::Filter: http://search.cpan.org/~kwilliams/Apache-Filter-1.024/

