How to Set Up a Web Page

How Do I Set Up My Homepage?

Your homepage is in ~/html. Log into a cs machine and make sure the html directory exists in your home directory. Also make sure your home directory and the html directory have access by other users so the web server can enter. From the command line you can type "ls ~" to check if html exists, "mkdir ~/html" to create it if necessary, and "chmod o+x ~ ~/html" to set up the permissions correctly. If you want to serve content over https (encrypted http), that gets served from ~/secure_html. The same instructions apply other than the directory name.

www will automatically redirect requests for your pages to www1. For example, if your username is john, type http://www.cs.columbia.edu/~john into your web browser, and www will send your browser to http://www1.cs.columbia.edu/~john.

NOTE: If you have forms using the POST method, you will need to make sure that the ACTION attribute is either relative or points to www1. Some browsers do not correctly handle redirection of POST requests.

Running Cgis Over Https (advanced)

If you'd like to host a cgi script from your home directory, but require that it only be accessed using SSL, you have to do a bit of trickery. The web server will only run cgi scripts from your ~/html directory which is normally served by http (unencrypted) and won't run them from ~/secure_html, which does get encrypted.

The workaround is:

  1. Put the cgi script in a subdirectory of ~/html, eg: ~/html/secure/
  2. Create a symbolic link in ~/secure_html/ that points to the previous directory. Eg: "ln -s /home/ab1234/html/secure ~/secure_html/secure". Now the secure directory is accessible using http or https.
  3. Create a .htaccess file in the secure directory which forces accesses to use https: 
    # Redirect http requests to https
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
The way this works is that when (if) a request comes in for http://..../secure, the rewrite rule sends the request to https://... The web server then looks in ~/secure_html and happily follows the link to the folder in ~/html, and is willing to execute the cgi script there because it's in an allowed directory.

Redirecting Http To Https With Auth

The above solution has a problem if you're using http authentication. The require valid-user requirement has higher priority than the rewrite rule. So if someone accesses the page using http, it will prompt them to log in (over http) and then redirect them to https. This is undesirable because the password is sent in cleartext. The solution is to use a more hackish redirection method: 

# Redirect http requests to https. Must use SSLRequireSSL method with http auth.
SSLOptions +StrictRequire
SSLRequireSSL
ErrorDocument 403 https://example.com/somepage/
SSLRequireSSL sets up a requirement for an https connection. +StrictRequire ensures that this requirement is met. Some configurations allow the connection if any requirement is met so it would try to authenticate without SSL to see if the require valid-user requirement is met.

With those 2 lines in place, if a client tries to connect over http, they'll get a 403 error. The ErrorDocument line says, if someone hits a 403 error here, send them to the specified url which does use https. This is a little less flexible than the Rewrite method because the url must be hardcoded in the .htaccess file.