Basic Web Features

Introduction

The remainder of this document describes issues you may encounter when getting started. For more advanced features, go to this page.

Directory and File Permissions

Your home directory must be set for world execute access, using a command such as this: 

chmod 711 ~

If the permissions on your home directory are not set properly, then the server cannot access your "public_html" page. If you set the permissions correctly, the command 

ls -ld ~

Should show something like this: 

drwx--x--x  11 jdoe  easdue  512 Mar  6 10:11 /eng/home/jdoe

Your "public_html" directory must be world-readable and world-executable so that the web server software can access files in it. To do this, use a command such as this: 

chmod 755 public_html

If you did this correctly, permissions should look something like this: 

drwxr-xr-x  11 jdoe  easdue  512 Apr 25 09:12 /eng/home/jdoe/public_html

Finally, all files under your "public_html directory must be world-readable; typing "ls -l" inside your "public_html" directory should show something like this: 

-rw-r--r--   1 jdoe  easdue  11345 Apr 25 09:12 index.html

Personal Home Page Restrictions

Please note that we do not allow execution of CGI scripts from personal web pages, for various security reasons. A personal web page is one that has a tilde character in it, eg. "www.nsm.buffalo.edu/UBITName", even if the site is being used for class or research uses. We do allow CGI scripts to be run from departmental, research, and other organizational sites on a request basis; these sites require special access to our web server, which can be set up by sending a request to senshelp@buffalo.edu.

Processing of SSI "#exec" directives follow the same rules described above.

Restricting Access

If you have a web page that you would like to only be accessible to certain people, or to a certain group of computers, you may do so through the use of a hidden file named ".htaccess". This file can contain a variety of access directives, as explained on this page. There is also a tutorial on using .htaccess files available from the Apache group.

System-Based Access Restrictions

This is the easier form of restricting access. It is a simple matter of putting a ".htaccess" in the top-level directory for which you want to restrict access, and which contains directives such as in this sample file: 

Deny from all
Allow from 128.205
Allow from .buffalo.edu
ErrorDocument 403 /.error/403_forbidden_ubonly.shtml

Note that we have several error message pages that can be displayed if the user gets a 403 (access forbidden) error:

You may click on each of the above to see what they display. Note that the last one is more appropriate for user-based access restrictions, as described below.

User-Based Access Restrictions

This is slightly more complex, as it involves creating two files,but allows access to be restricted based on names and passwords (these do not have to be UBITName login names and passwords; you are free to create your own).

The first file is a ".htaccess" with directives such as in this sample file: 

AuthName "My Restricted Page Name"
AuthType Basic
AuthUserFile /eng/home/jdoe/public_html/secretstuff/.htpasswd

Order deny,allow
Allow from .eng.buffalo.edu
Require valid-user

Note that this file defines where the user/password list is kept, and also puts a restriction on it so that only people within the ".eng.buffalo.edu" domain can see the page (as described above). If you want to potentially allow anyone to see the page, change the "Allow from" line to read "Allow from all".

Next, a file named ".htpasswd" is created using a command like this, and which is run in the same directory as the ".htaccess" file: 

htpasswd -c .htpasswd joe

In this example, a password file was created with information for the user "joe". To add other users, run this form of the command: 

htpasswd .htpasswd michelle

Note the absence of the "-c" parameter, which would otherwise have caused existing entries to be deleted. This command can be run repeatedly for any other users for which access permission is required.

Getting Help

The staff of SENS can not provide help or consultation with respect to creating personal web pages; this service is being provided only as a courtesy. We will, however, support issues related to the web server itself.

Finally, there are some fine tools on the Internet that can be used to create and maintain web pages.