Exercise (Apache)

Prerequisites

CGI (the other way)

  • Make the ~/www/htdocs/netex directory
  • Make sure .htaccess is allowed in ~/www/conf/httpd.conf
  • Set up the ~/www/htdocs/netex/.htaccess file and put the appropriate directives in it
  • Put a CGI program (test.cgi) in the directory and test it.

SSI

  • Put appropriate directives for SSI in the .htaccess
  • Make a test.shtml file, put some SSI commands in it, and test it.

Basic Authentication

  • Make a .htpasswd file within the ~/www/htdocs/netex directory with an appropriate command.
  • Add appropriate directives for Basic Authentication in the .htaccess file
  • Test it.

Answer Section

CGI

  • In the <Directory .../www/htdocs> section, put these override directives:
       AllowOverride Options FileInfo
    
  • You must restart httpd after httpd.conf is edited:
       $ www/bin/apachectl restart
    
  • In htdocs/netex/.htaccess:
       Options +ExecCGI
       AddHandler cgi-script .cgi
    
  • test.cgi example:
       #!/sw/bin/python
       # -*- coding: utf-8 -*-
       import cgi
    
       req = cgi.FieldStorage()
       who = req.getvalue('who', '')
       print "Content-Type: text/html; charset=utf-8"
       print
       if who:
           print """<html>
       <head><title>Hello</title></head>
       <body>
       %s さん、こんにちは!
       </body>
       </html>
       """ % cgi.escape(who)
       else:
           print """<html>
       <head><title>Input your name</title></head>
       <body>
       <form method="POST" action="test.cgi">
       お名前をどうぞ
       <input type="text" name="who" />
       <input type="submit" value="送信" />
       </form>
       </body>
       </html>"""
    

SSI

  • Override directives: the same as in CGI
  • In htdocs/netex/.htaccess, add:
       Options +Includes
       AddType text/html .shtml
       AddOutputFilter INCLUDES .shtml
    
  • test.shtml example:
       <html>
       <head>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       </head>
       <body>
       Now the time is <!--#echo var="DATE_LOCAL" -->.<br>
       <!--#config timefmt="%Y/%m/%d %H:%M:%S" -->
       Or, <!--#echo var="DATE_LOCAL" -->. <br>
       只今の時刻は
       <!--#config timefmt="%Y" --> <!--#echo var="DATE_LOCAL" -->年
       <!--#config timefmt="%m" --> <!--#echo var="DATE_LOCAL" -->月
       <!--#config timefmt="%d" --> <!--#echo var="DATE_LOCAL" -->日
       <!--#config timefmt="%H" --> <!--#echo var="DATE_LOCAL" -->時
       <!--#config timefmt="%M" --> <!--#echo var="DATE_LOCAL" -->分
       <!--#config timefmt="%S" --> <!--#echo var="DATE_LOCAL" -->秒です。<br>
       あなたは <!--#echo var="REMOTE_ADDR" --> から
       <!--#echo var="HTTP_USER_AGENT" --> で、アクセスしています。
       <pre>
       <!--#exec cmd="export LANG=ja_JP.UTF-8; cal" -->
       </pre>
       </body>
       </html>
    

Basic Authentication

  • In the <Directory .../www/htdocs> section, put these override directives (add AuthConfig):
       AllowOverride Options FileInfo AuthConfig
    
  • Restart httpd (as in CGI)
  • Use this command to create a password file:
       $ cd ~/www/htdocs/netex
       $ /sw/www/bin/htpasswd -c .htpasswd me
    
  • In htdocs/netex/.htaccess, add:
       AuthType Basic
       AuthName "Restricted Area"
       AuthUserFile htdocs/netex/.htpasswd
       Require valid-user
    
  • Access test.cgi or test.shtml and confirm that a password is requested.

Security Consideration

  • HTTP Authentication
  • Example (in HTTP header):
       Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
    
  • With Python:
       >>> import base64
       >>> base64.decodestring('QWxhZGRpbjpvcGVuIHNlc2FtZQ==')
       'Aladdin:open sesame'
    
  • Not encrypted! The credentials are only Base64-encoded.
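
The point above as an added example (not part of the original exercise): a Python 3 sketch that decodes a Basic Authorization header as the interpreter session does, and masks the credentials in a captured request before it is stored or shared. The function names and the sample request are constructed for illustration; the header value is the one shown above.

```python
import base64
import binascii


def parse_basic_auth(header_value):
    """Return (user, password) from an Authorization header value, or None.

    Layout per RFC 7617: 'Basic ' + base64(user ':' password).
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None                      # other scheme (e.g. Bearer) or empty
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None                      # not valid Base64
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")     # older clients send ISO-8859-1
    # Only the first colon separates the fields; a password may contain ':'.
    user, sep, password = text.partition(":")
    if not sep:
        return None
    return user, password


def redact_headers(raw_request):
    """Mask Basic credentials in a captured request, keeping the user name."""
    out = []
    for line in raw_request.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            creds = parse_basic_auth(value)
            if creds:
                line = "%s: Basic [REDACTED user=%s]" % (name, creds[0])
        out.append(line)
    return "\n".join(out)


# Constructed sample request (not taken from a real log).
SAMPLE = (
    "GET /netex/test.cgi HTTP/1.1\n"
    "Host: localhost:8080\n"
    "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==\n"
)

if __name__ == "__main__":
    print(parse_basic_auth("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="))
    print(redact_headers(SAMPLE))
```

Anyone who can read the request on the wire can run the same decode, so Basic Authentication only protects the password when the connection itself is encrypted (HTTPS).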

Report

  • Write a mail report to Kikuchi (in Japanese).
  • Copy the access records from logs/access_log (only for the successful ones of CGI, SSI and Basic Authentication).

Additional Notes

  • File system to URL mapping
       DocumentRoot: ~/www/htdocs -> http://localhost:8080/
       ScriptAlias: ~/www/cgi-bin/ -> http://localhost:8080/cgi-bin/
       A directory under DocumentRoot: ~/www/htdocs/netex -> http://localhost:8080/netex/

URL to access

  • CGI example: http://localhost:8080/netex/test.cgi
  • SSI example: http://localhost:8080/netex/test.shtml