The web-page hosting services homepages.inf and groups.inf have been complemented by a new service, sweb.inf, which allows users to publish AFS-based web pages that have a greater degree of protection than the mechanism currently employed on existing services.
The new server, sweb.inf, uses AFS space that is accessible from anywhere (as normal) and is editable by the user (also as normal), but when accessed via the web using Apache it is constrained to a separate, user-specific ID, of the form “sweb.<user>” (not the generic <apache> ID as is normal on our other web servers). The resulting filespace should benefit from the resilience and availability of AFS, and be better-protected from any server-side issues (such as another user’s mis-configured script).
The URL of this more-secure web server is https://sweb.inf.ed.ac.uk, and user pages sit below the user ID at that site, so that the “test.html” page of user “fred” would be “https://sweb.inf.ed.ac.uk/~fred/test.html”.
The corresponding filespace is within the AFS file-structure, and accessible in the “web” sub-directory below the user directory in /afs/inf.ed.ac.uk/web/securepages (thus the path corresponding to the example URL above would be /afs/inf.ed.ac.uk/web/securepages/fred/web/test.html).
For related files that are not intended to be web-visible (README and other house-keeping files, intermediate or temporary files
used by scripts and suchlike) there is a data directory (for example, /afs/inf.ed.ac.uk/web/securepages/fred/data), which is a sibling of the web directory. These “data” files are only accessible via the filesystem, not via the web.
Files within the /afs/inf.ed.ac.uk/web/securepages structure need specific permissions if the mechanism is to work correctly. This allows web access as the restricted user-specific ID (such as “sweb.fred”, for example), but full access via the filesystem as user “fred”.
More information can be found on the relevant computing.help web page, http://computing.help.inf.ed.ac.uk/using-secure-afs-web-server.
To make use of this service, a request should be made via the Support Form.