Enhanced Web Site Design Stanford University Continuing Studies CS 22


1 Enhanced Web Site Design Stanford University Continuing Studies CS 22
Mark Branom Course Web Site:

2 Manipulating Web Servers
Unfinished business
Limiting Access
  By Password
  By Domain/IP Address
  To a specific file
Custom Error Documents
Server-side Redirects (as opposed to <meta> tag client-side redirects)
IndexIgnore
Prevent Hotlinking
CS 22: Enhanced Web Site Design - Manipulating Web Servers

3 Limiting Access
Sometimes webmasters wish to restrict access to their web content. One way to do this is to protect a directory/folder and then place the files you wish to protect in that directory. Not all servers allow you to restrict your content; check with your ISP first! We’ll be demonstrating using Apache web servers (Unix/Linux-based servers). Microsoft IIS servers also allow restriction, but instead of a .htaccess file, it’s a web.archive file.

4 Step 1: Create a .htpasswd database file
Connect to your Unix account
Change directory to the directory you wish to protect
Issue "htpasswd -c .htpasswd user1"
Enter the password
Enter the password a second time
If you wish to add more users/passwords, issue "htpasswd .htpasswd user2"
Note: if you cannot connect to your Unix account, and your web host doesn’t have an htpasswd generator, there are a number of online tools. Here’s an example:

5 Step 2: Create a .htaccess file
Using a text editor, create a file called ".htaccess":
    AuthUserFile /path/to/restricted/folder/.htpasswd
    AuthName YourDatabaseName
    AuthType Basic
    <Limit GET>
    require valid-user
    </Limit>
Note: Use "require user username" to restrict access to specific users.

6 .htaccess file
The argument to AuthUserFile must be the full path of the database used to authenticate remote users. If you don't know the full path, you can use the Unix pwd command to find out.
The argument to AuthName must be just one word -- if you want more than one word, you must enclose them in quotes:
    AuthName RestrictedPages
or
    AuthName "Mark's Restricted Page"
but not
    AuthName Mark's Restricted Page
Case counts - Limit must be Limit; GET must be in all uppercase; AuthName is all one word.
Make sure you leave a blank line at the end.
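
Added example, not part of the original slides: the same password protection for Apache 2.4 written without the <Limit GET> wrapper, which applies the requirement only to GET (and HEAD) requests and leaves other methods such as POST unauthenticated. The path /home/user1/private/.htpasswd is a hypothetical location outside the web-served tree, and SSLRequireSSL assumes mod_ssl is loaded.

```apache
# .htaccess for the protected directory (added example, Apache 2.4).
# Assumes AllowOverride AuthConfig is set for this directory and that
# mod_auth_basic, mod_authn_file and mod_authz_user are loaded.

AuthType Basic
AuthName "Restricted Pages"

# Hypothetical path: keep the password database outside the document tree.
# Created with: htpasswd -c -B /home/user1/private/.htpasswd user1
# (-B stores the password as a bcrypt hash.)
AuthUserFile /home/user1/private/.htpasswd

# No <Limit> wrapper: the requirement applies to every HTTP method,
# not just the ones listed.
Require valid-user

# Basic authentication sends the password base64-encoded, not encrypted,
# so refuse requests that did not arrive over TLS (assumes mod_ssl).
SSLRequireSSL

# If the database has to stay inside this directory, as in Step 1, block
# HTTP access to it and to the .htaccess file itself.
<Files ".ht*">
    Require all denied
</Files>
```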

7 Example
http://web.stanford.edu/~markb/password/
username: stanford
password: university

8 IIS
To restrict access on an IIS server, in the web.archive file:
    <security>
      <authentication>
        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="true" />
      </authentication>
    </security>

9 Restricting by domain/IP address
Apache 2.2 and earlier:
    order deny,allow
    deny from all

    order allow,deny
    allow from all

    allow from stanford.edu
    allow from
    allow from

Apache 2.3 and newer:
    require all denied

    require all granted

    require host stanford.edu
    require ip
    require ip

10 Restricting/allowing access to a specific file
    <Files filename.html>
    require all granted
    </Files>

    <Files login.php>
    require host stanford.edu
    </Files>
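
Added example, not from the original slides, combining the Apache 2.4 directives from the password, domain/IP and per-file slides. The range 192.0.2.0/24 is a documentation placeholder, the AuthUserFile path is hypothetical, and the file names are the ones used on the slide.

```apache
# Added example for Apache 2.4 (mod_authz_core, mod_authz_host,
# mod_auth_basic). Needs AllowOverride AuthConfig when used in .htaccess.

# Shared authentication settings for the directory.
AuthType Basic
AuthName "Restricted Pages"
# Hypothetical path to the database created with htpasswd.
AuthUserFile /home/user1/private/.htpasswd

# Default for everything in the directory: deny.
Require all denied

# login.php: served without a password to the placeholder network,
# and to anyone else only after a successful login (either test passes).
<Files "login.php">
    <RequireAny>
        Require ip 192.0.2.0/24
        Require valid-user
    </RequireAny>
</Files>

# filename.html: both tests must pass (right network AND valid account).
<Files "filename.html">
    <RequireAll>
        Require ip 192.0.2.0/24
        Require valid-user
    </RequireAll>
</Files>

# "Require host stanford.edu" would also work in place of "Require ip",
# but it makes the server do a double reverse DNS lookup on each client
# address; "Require ip" matches the address directly.
```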

11 Manipulating Web Servers on IIS
On an IIS server, in the web.archive file:
    <authorization>
      <allow users="comma-separated list of users" roles="comma-separated list of roles" verbs="comma-separated list of verbs" />
      <deny users="comma-separated list of users" />
    </authorization>

12 Custom Error Documents
    ErrorDocument [http status code] [url]
    ErrorDocument 404
List of http status codes:

13 Custom Error Documents - IIS
On an IIS server:
    <!-- mode must be "On" (or "RemoteOnly") for these pages to be used; "Off" disables custom errors and shows detailed error output -->
    <customErrors defaultRedirect="url" mode="On">
      <error statusCode="403" redirect="/path-to-403-error-page.html" />
      <error statusCode="404" redirect="/path-to-404-error-page.html" />
    </customErrors>

14 Server Redirect
Server redirection (better choice):
    Redirect 301 oldlocation
Client-side redirection (alternative choice if you can’t manipulate the server):
    <meta http-equiv="refresh" content="0; url=newlocation.html">

15 Server Redirect - IIS
On an IIS server:
    <configuration>
      <location path="oldfile1.htm">
        <system.webServer>
          <httpRedirect enabled="true" destination=" httpResponseStatus="Permanent" />
        </system.webServer>
      </location>
      <location path="oldfile2.htm">
        <system.webServer>
          <httpRedirect enabled="true" destination=" httpResponseStatus="Permanent" />
        </system.webServer>
      </location>
    </configuration>

16 IndexIgnore
The IndexIgnore directive controls which files the web server leaves out of the file listing it displays for the directory in which the .htaccess file is placed. For example, to hide all picture files from the listing of files in a directory, enter the following directive (note that this does NOT prevent visitors from displaying the file if they know it exists; it merely causes the files to not be displayed in the list of files in the directory).
    IndexIgnore *.gif *.jpg *.png
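
Added example, not from the original slides, contrasting hiding a file from the listing with actually refusing to serve it on Apache 2.4. The *.bak and *.inc patterns are constructed stand-ins for files that should never be downloadable.

```apache
# Added example (Apache 2.4, mod_autoindex and mod_authz_core).

# 1. Hides matching names from the generated listing only. A request
#    that names the file directly still returns it.
#    Needs AllowOverride Indexes.
IndexIgnore *.bak *.inc

# 2. Turns the generated listing off for this directory altogether:
#    a request for the bare directory gets 403 when no index file exists.
#    Needs AllowOverride Options.
Options -Indexes

# 3. Refuses to serve the files themselves, whether or not the visitor
#    knows the name. Needs AllowOverride AuthConfig.
<FilesMatch "\.(bak|inc)$">
    Require all denied
</FilesMatch>
```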

17 Prevent Hotlinking
Hotlinking is the process of embedding images or other media (sound, video, etc.) from one web site into another. Every time a visitor goes to a web site with an image on it, the web server that hosts that image is “hit” with the bandwidth needed to send and display that image. The web server that hosts the web page should be the same web server that hosts the image. You can prevent other webmasters from being able to “hotlink” your images by adding a few lines of code to your .htaccess file. In this example, the picture located at will display on any web site that tries to hotlink any GIF or JPG files on this site that is not coming from the Stanford servers:
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ /~markb/stop.gif [L]

