Link to USGS home page
Internal USGS Access Only

Assignment Set 8

Server Side Includes and Security

Server Side Includes

Server-Side-Includes will not work if the URL starts with "file://". This sort of URL asks the browser to pull a file off the local disk and does not go through a web server.

Use the DIS page of SSI examples and/or the apache reference for SSI as a reference, edit one of your existing html documents to add server side includes to:

  1. Show the last modified date of the html.
  2. Include text from another file (but don't include a complete html file or you will end up with duplicate HTML HEAD TITLE and BODY tags)
  3. Show the name of the Web server.
  4. Show the host that the browser is on (REMOTE_HOST).
  5. Display the file size of an image.

Host-based Access Control using .htaccess

Consult the Apache documentation on access control for a complete listing of capabilities.

  1. In your public_html directory create an .htaccess file.
  2. Find out the IP Address (4 numbers separated by periods) of the computer you are on by typing ipconfig in a DOS window, and then add the following line to the .htaccess file like this,
    deny from ipaddress
  3. Reload a page from your public_html directory using your browser. --What happened?
  4. Reload a page from your public_html directory using The Anonymizer. --What happened?
  5. Remove that line from the .htaccess file, and confirm that you can access your pages.
  6. Get your Fully Qualified Domain Name by typing the commands ipconfig and then hostname. Take the output of hostname, then add a period, then add the "DNS Suffix" from ipconfig, so that you have a name something like: "something.xr.usgs.gov". Add the following line to the .htaccess file like this,
    deny from something.er.usgs.gov
  7. Reload a page from your public_html directory using your browser. --What happened?

Password-based Access Control using .htaccess

If you get done early, and have energy left, read the instructions on how to set up password-based access and password protect your public_html directory (the web-server access has been set to allow this).

Note: By default .htaccess files created by users will be able to override the system default access. To change this behavior update the configuration file httpd/conf/access.conf with option "AllowOverride".

assignment 8

[up]
"Mastering a Website" online course
Created and maintained by Lorna Schmid and David Boldt.
Last modified: Fri May 2 20:02:05 EDT 2003