Enhanced Web Site Design Stanford University Continuing Studies CS 22


Enhanced Web Site Design
Stanford University Continuing Studies CS 22
Mark Branom
branom@alumni.stanford.edu
http://web.stanford.edu/people/markb/
Course Web Site: http://web.stanford.edu/group/csp/cs22

Manipulating Web Servers

Unfinished business
Limiting Access
    By Password
    By Domain/IP Address
    To a specific file
Custom Error Documents
Server-side Redirects (as opposed to <meta> tag client-side redirects)
IndexIgnore
Prevent Hotlinking

CS 22: Enhanced Web Site Design - Manipulating Web Servers

Limiting Access

Sometimes webmasters wish to restrict access to their web content.
One way to do this is to protect a directory/folder, and then place the files you wish to protect into this protected directory.
Not all servers allow you to restrict your content; check with your ISP first!
We'll be demonstrating using Apache web servers (Unix/Linux-based servers).
Microsoft IIS servers also allow restriction, but instead of a .htaccess file, it's a web.archive file.

Step 1: Create a .htpasswd database file

Connect to your Unix account
Change directory to the directory you wish to protect
Issue "htpasswd -c .htpasswd user1"
Enter the password
Enter the password a second time
If you wish to add more users/passwords, issue "htpasswd .htpasswd user2"

Note: if you cannot connect to your Unix account, and your web host doesn't have an htpasswd generator, there are a number of online tools. Here's an example: http://www.htaccesstools.com/htpasswd-generator/

Step 2: Create a .htaccess file

Using a text editor, create a file called ".htaccess"

    AuthUserFile /path/to/restricted/folder/.htpasswd
    AuthName YourDatabaseName
    AuthType Basic
    <Limit GET>
    require valid-user
    </Limit>

Note: Use "require user username" to restrict access to specific users

.htaccess file

The argument to AuthUserFile must be the full path of the database used to authenticate remote users. If you don't know the full path, you can use the Unix pwd command to find out.
The argument to AuthName must be just one word; if you want more than one word, you must enclose them in quotes:

    AuthName RestrictedPages
or
    AuthName "Mark's Restricted Page"
but not
    AuthName Mark's Restricted Page

Case counts: Limit must be Limit; GET must be in all uppercase; AuthName is all one word.
Make sure you leave a blank line at the end.
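The following check is an added example, not part of the original slides. It audits a .htaccess file for three weaknesses in the pattern above: Apache applies access rules inside a <Limit> block only to the listed methods, its documentation recommends keeping the password file out of web-served folders, and Basic authentication only base64-encodes the password. The helper name audit_htaccess, the HARDENED sample and its /path/to/private location are assumptions; SSLRequireSSL is a mod_ssl directive.

```python
# Constructed input: the slide's .htaccess, placeholder path kept as written.
SLIDE = """AuthUserFile /path/to/restricted/folder/.htpasswd
AuthName YourDatabaseName
AuthType Basic
<Limit GET>
require valid-user
</Limit>
"""

# Constructed input (assumed layout): no <Limit>, password file kept
# outside the served folder, TLS required by mod_ssl's SSLRequireSSL.
HARDENED = """SSLRequireSSL
AuthUserFile /path/to/private/.htpasswd
AuthName "Restricted Pages"
AuthType Basic
Require valid-user
"""

def audit_htaccess(text, served_dir):
    """Hypothetical helper: list weaknesses in one .htaccess file."""
    findings, limit, basic, tls = [], None, False, False
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        word, arg = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if word == "<limit":
            limit = arg.rstrip(">").split()    # methods the block covers
        elif word == "</limit>":
            limit = None
        elif word == "require" and limit is not None:
            # Inside <Limit>, the rule is skipped for every unlisted method.
            findings.append("require limited to " + ",".join(limit))
        elif word == "authuserfile":
            if arg.strip('"').startswith(served_dir.rstrip("/") + "/"):
                findings.append("password file inside served folder")
        elif word == "authtype":
            basic = arg.lower() == "basic"
        elif word == "sslrequiressl":
            tls = True
    if basic and not tls:
        # Basic auth only base64-encodes the password on the wire.
        findings.append("Basic auth without SSLRequireSSL")
    return findings

if __name__ == "__main__":
    for name, text in (("slide", SLIDE), ("hardened", HARDENED)):
        print(name, audit_htaccess(text, "/path/to/restricted/folder"))
```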

Example

http://web.stanford.edu/~markb/password/
username: stanford
password: university

IIS

To restrict access on an IIS server, in the web.archive file:

    <security>
      <authentication>
        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="true" />
      </authentication>
    </security>

Restricting by domain/IP address

Apache 2.2 and earlier          Apache 2.3 and newer
order deny,allow                require all denied
deny from all
order allow,deny                require all granted
allow from all
allow from stanford.edu         require host stanford.edu
allow from 171.64               require ip 171.64
allow from 10.24.44.122         require ip 10.24.44.122

Restricting/allowing access to a specific file

    <Files filename.html>
    require all granted
    </Files>

    <Files login.php>
    require host stanford.edu
    </Files>

Manipulating Web Servers on IIS

On an IIS server, in the web.archive file:

    <authorization>
      <allow users="comma-separated list of users"
             roles="comma-separated list of roles"
             verbs="comma-separated list of verbs" />
      <deny users="comma-separated list of users" />
    </authorization>

Custom Error Documents

    ErrorDocument [http status code] [url]
    ErrorDocument 404 http://www.company.com/404.html

List of http status codes: http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Custom Error Documents - IIS

On an IIS server:

    <!-- mode="On" turns the custom pages on; with mode="Off" they are not used -->
    <customErrors defaultRedirect="url" mode="On">
      <error statusCode="403" redirect="/path-to-403-error-page.html" />
      <error statusCode="404" redirect="/path-to-404-error-page.html" />
    </customErrors>

Server Redirect

Server redirection (better choice):

    Redirect 301 oldlocation http://www.newplace.com

Client-side redirection (alternative choice if you can't manipulate the server):

    <meta http-equiv="refresh" content="0; url=newlocation.html">

Server Redirect - IIS

On an IIS server:

    <configuration>
      <location path="oldfile1.htm">
        <system.webServer>
          <httpRedirect enabled="true" destination="http://domain.com/new1" httpResponseStatus="Permanent" />
        </system.webServer>
      </location>
      <location path="oldfile2.htm">
        <system.webServer>
          <httpRedirect enabled="true" destination="http://domain.com/new2" httpResponseStatus="Permanent" />
        </system.webServer>
      </location>
    </configuration>

IndexIgnore

The IndexIgnore directive controls which files the web server will display in the directory in which the .htaccess file is placed.
For example, to hide from view all picture files in the listing of files of a directory, enter the following directive (note that this does NOT prevent visitors from displaying the file if they know it exists; it merely causes the files to not be displayed in the list of files in the directory).

    IndexIgnore *.gif *.jpg *.png

Prevent Hotlinking

Hotlinking is the process of embedding images or other media (sound, video, etc.) from one web site into another. Every time a visitor goes to a web site with an image on it, the web server that hosts that image is "hit" with the bandwidth needed to send and display that image. The web server that hosts the web page should be the same web server that hosts the image.
You can prevent other webmasters from being able to "hotlink" your images by adding a few lines of code to your .htaccess file.
In this example, any web site not coming from the Stanford servers that tries to hotlink GIF or JPG files on this site will display the picture located at http://web.stanford.edu/~markb/stop.gif instead:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?stanford\.edu/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ /~markb/stop.gif [L]
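To check what this rule set accepts before deploying it, the added example below (not part of the original slides) replays the two RewriteCond tests and the RewriteRule pattern against sample Referer values. The Referer strings, the function names and the TIGHT_ALLOWED pattern are constructed assumptions; the tightened pattern accepts https and keeps the match inside the host part of the Referer.

```python
import re

# The slide's allow-list RewriteCond ([NC] maps to re.I).
SLIDE_ALLOWED = re.compile(r"^http://(.+\.)?stanford\.edu/", re.I)
# Assumed tightening, not from the slide: accept https and keep the
# match inside the host part of the Referer.
TIGHT_ALLOWED = re.compile(r"^https?://([^/]+\.)?stanford\.edu(/|$)", re.I)
# The slide's RewriteRule pattern (no [NC], so it is case-sensitive).
IMAGE = re.compile(r".*\.(jpe?g|gif|bmp|png)$")
STOP = "/~markb/stop.gif"

def served(referer, path, allowed=SLIDE_ALLOWED):
    """Return what the rule set hands back for one request."""
    if not IMAGE.search(path):
        return path                 # RewriteRule does not apply
    if referer == "":
        return path                 # RewriteCond !^$ is false: no rewrite
    if allowed.search(referer):
        return path                 # Referer counts as on-site
    return STOP                     # hotlink: substitute image

# Constructed Referer values for illustration.
CASES = [
    "http://web.stanford.edu/~markb/page.html",
    "https://web.stanford.edu/~markb/page.html",
    "",
    "http://other.example/page.html",
    "http://other.example/x.stanford.edu/",
]

def compare(path="photo.jpg"):
    """Map each sample Referer to (slide result, tightened result)."""
    return {r: (served(r, path), served(r, path, TIGHT_ALLOWED)) for r in CASES}

if __name__ == "__main__":
    for ref, (slide, tight) in compare().items():
        print(f"{ref or '(empty)':45} slide={slide:18} tight={tight}")
```

The Referer header is supplied by the client, so either pattern limits casual embedding only and is not an access control.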