1. Web Access Chain of Events CPTE 212 John Beckett

2. The Sequence Client looks up hostname in DNS –DNS returns IP address Client sends request to IP address –Includes hostname in the request Web server software fields request –If hostname not known by server to be a multidomain host, passes off to default site –If server knows this as a multidomain host, passes off to configured location

3. Where Are the Web Materials for the Default Site? Windows Default Location: c:\inetpub\wwwroot Configure: –IIS Manager –Expand hostname (nCloud) –Sites…Default Web site…Edit Site…Basic Settings (Ubuntu) Linux/Apache Default Location: /var/www/html Configure: –/etc/apache2/sites- available/000- default.conf DocumentRoot –/etc/apache2/apache2.c onf

4. Set your site up to use FTP for updates Windows (we aren’t doing this) Create user for updating Build FTP site that is accessible to that user Change IIS configuration to use that user’s materials Upload into that user’s account Linux/Apache Create user for updating Configure FTP to allow updating by users –/etc/vsftpd.conf “allow write” Configure Apache configuration to use that user’s materials Upload into that user’s account

5. Why Use public_html directory? - The Problem If you point the Web server at the user’s main directory (e.g. /home/username), clients can ask the server for any file in that directory structure Although good practices will prevent security problems in this case, any slip-up allows an attacker an entry you didn’t need to give them

6. Why Use public_html directory? - The Solution Point the Web Server at a directory within the user’s space –Traditionally, we name this public_html but you could choose another name The server-side scripts in that directory can then reference files in the parent directory with the notation “../filename”