Making your own web site

Putting up pages

To serve web pages from our web server, simply create a directory named public_html in your home directory, and place your HTML files in that directory. Your files will have the URL

      http://www.submm.caltech.edu/~username/ ...

Where "username" is your login name. For example, if I place a page named "hello.html" in ~shimpei/public_html/, it would have the URL

      http://www.submm.caltech.edu/~shimpei/hello.html

You need a submillimeter Unix account to do all this, of course. Bug John Ward or me if you don't have one already.

Hit counters, log files, server stats

We don't have a "hit counter" CGI program. Sorry. There are many places that offer free hit counters, so use them instead.

You can, however, look at the server logs. The raw logs are available for your viewing pleasure in /var/opt/httpd/logs/ on gondor, which is the machine that actually runs our web server. You can also look at the log digest, updated nightly, at

    http://www.submm.caltech.edu/logreport

This digest is generated by a program called analog. You can also run it yourself and customize its output (e.g., so that it only counts hits to your files); read the documentation in the directory /opt/doc/analog/ for details.

Server-Side Includes

Server-Side Includes (SSI) are simple commands you can put in your HTML files. The bottom of this page, for example, contains the SSI directive:

      <!--#echo var="LAST_MODIFIED"-->

which tells the web server to replace this command with the date on which this file was last modified. There are many directives available; see Apache's web site for a complete listing.

In order to use this feature, you need to rename your .html files .shtml to tell the web server that it should scan the file for server-side directives.

Adding Searching Capabilities to your web page

We have an Excite search engine installed for the CSO web page, which uses it to seach the papers index. You can also use it on your web page: simply copy the query form example in /var/opt/excite/AT-Usersquery.html on gondor onto a page you want to be able to search from. Note that the search engine updates its index every night, so files you put in your public_html directory may not show up in search results until the following day.

Pre-packaged CGI programs

(Coming soon)

Writing your own CGI programs

Yes, you can run your own CGI programs. Ask Shimpei to give you write access to the cgi-bin directory if you feel like giving it a shot. Error messages from bad CGI programs are recorded in /var/opt/httpd/logs/error_log on gondor, which can be very valuable for debugging purposes.

Make sure, though, that you know what you are doing when you write them; people will be very put out if some losers break into our network thanks to holes in your script! At the very least, please give Shimpei a copy of the source code (if it's a compiled program) so he can check it for obvious security holes.

Some very elementary things to keep in mind when writing CGI:

If you want to use C, be super-paranoid about buffer overflows. In practice, this means you should always use strncpy instead of strcpy, and avoid using fucntions like scanf or gets on strings of unknown lengths.
Do not put the source code in a place where the web server can see it, unless you're really confident that the program will survive scrutiny from determined crackers. Putting them in your public_html/ directory is a definite no-no. (Files in cgi-bin are not readable by the web server, but avoid putting source code there anyway.)
If you use perl (good for you!), make sure you always run perl with the -Tw option. (That is, you write
```
    #! /usr/local/bin/perl -Tw
```
as the first line in your script. -T turns on "taint" checking, which will cause perl to stop execution if untrustworthy data is handled carelessly (see the perl man pages for details). -w turns on extra warnings, and is always a good option when writing perl scripts, CGI or not.

Restricting access, redirecting, and other web server tricks

You can restrict access to your web pages by IP addresses, require people to supply passwords, redirect traffic to obsolete pages to new pages, provide custom MIME types, and perform other web magic by adding appropriate server directives in a file named .htaccess in the directory you want to control. Please see the server documentation at the Apache server web site for details. I have disabled some features in name of security; please talk to me if you need any of those features.

Really advanced stuff

In the latest build of the Apache server, I have enabled the mod_perl and mod_php3 modules on an experimental basis.

mod_perl enables faster execution of perl scripts by having a persistent perl interpreter. To use this module, place scripts in /opt/httpd/mod_perl/programs; they will be accessible from the URL http://www.submm.caltech.edu/cgi2-bin/.

mod_php3 is a scripting language that can easily be embedded in web pages to create dynamic pages; to use this module, just write a web page with embedded php3 commands, and give it a .phtml ending.

Let me know if you plan to try out either of these modules; I will probably not include them in future compiles of Apache if no one is interested in them.

last updated Sunday, 18-Oct-1998 05:38:21 PDT
webmaster@www.submm.caltech.edu