groups.inf web server upgrade

The web server that hosts the web site (and various others) is one of the last to be upgraded to SL7. I had hoped to squeeze it in before the end of the year, but it will now happen on Friday January 12th 2018.

The groups.inf web server actually hosts multiple sites, the main ones being (groups|conferences|workshops), but see the complete list at the end of this post.

The upgrade will change the version of Apache from 2.2 to 2.4 and, as with the homepages upgrade, this may require some changes to .htaccess files if you use them. As these files will be accessed (at least for a short time) by both the SL6 Apache 2.2 and then SL7 Apache 2.4 servers, then you need make the changes conditional on which server is
parsing the file or you will get errors.

I’ve already searched for .htaccess files that could be affected, and edited them to use the new directives, eg if you had an .htaccess file that had:

Order allow,deny
Deny from all

Then it will now look like:

<IfVersion < 2.4>
Order allow,deny
Deny from all

<IfVersion >= 2.4>
require all denied

# neilbSL7

The # neilbSL7 is just a marker I used to record that I’d updated the file. For a list of changes when upgrading from Apache 2.2 to 2.4, see

Other Changes

SSI expressions have also changed, but the old behaviour can be enabled with SSILegacyExprParser on in a suitable .htaccess file. I’ve actually made this the default for groups.inf to aid transition, but would like to turn it off at some point in the future.

The PHP version will also change from 5.3.3 to 5.4.16. Again, at some point in the future, I’d like to update that further to 5.6.

For anyone using Cosign access control, then simply turning on Cosign with “CosignProtected on” is not enough to force authentication with Apache 2.4. You need the full:

  CosignProtected On
  AuthType Cosign
  Require user AAA BBB CCC

Also “CosignAllowPublicAccess on”, does not work as it did before. If you have it set on and then try to do a “require valid-user” (or similar) you will get a server error because of the conflicting instructions. So sections that were “Allow public access on”, you’ll just have to not enable authentication at all, or be happy to turn off public access, and force authentication.


Where I can, I’ve created temporary “sl7” URLs to the various sites (listed below) so you can test your site on the new server ahead of the upgrade. There is just an extra “.sl7” in front of the existing “” part of the URL eg becomes

For sites who’s DNS is not within, there are no test URLs. If the owners want to contact me ahead of the switch, I can probably arrange a temporary URL to try things on. Best to do that via the support form.

Previous upgrades of web servers from SL6 to SL7 have been fairly uneventful, so hopefully this upgrade will be equally smooth.


List of all web sites hosted on the groups.inf server
# There are test URLs for all the sites above here
# but not for the following

About neilb

Computing staff at the University of Edinburgh. Part of the Services Unit.
This entry was posted in Service Update. Bookmark the permalink.

One Response to groups.inf web server upgrade

  1. neilb says:

    12/1/2018 10am During the lead up to the switch this morning, the various test SL7 URLs will stop working while final changes are being made.

    12/1/2018 11:46am That’s the new server now serving all the groups.inf sites.

    12/1/2018 12:55pm There was a problem with Cosign, but that should be fixed now. The service should be considered at risk for the rest of the day, but otherwise everything is believed to be working.

Leave a Reply