Web Servers
Many people on campus run their own web servers. This page is to
provide them with hints on where to look for suitable software and
to give advice about bad practice which should be avoided.
Please be sure to read the University's
Acceptable Use Policies
before publishing material on any web server which is sited on a
University network.
Common Web Server Software
Many operating systems and software packages now include basic
web server functionality. For those who need more there are:
Major Additional Software
- FrontPage extensions - these are a standard feature of IIS but are
also available for Apache in the form of Microsoft-supplied binaries. I
advise against using these due to the many serious bugs and security
holes which were found in previous versions.
- WebDAV - the recent W3 standard
for doing FrontPage-Extensions-like uploading to web servers. Available
as an add-in module for Apache and now shipping in the standard Apache
package.
Streaming Media Server Software
For people who need to go beyond what a basic web server can offer
as a multimedia server, here are links to a few common media server
packages:
Securing Your Web Server
Web servers are very visible to people outside the University. For this
reason they are often the first systems which nefarious hackers will try
to subvert. As a result you need to take care that your web server software
and the system it runs upon are secure.
Although securing your server can take quite a lot of work, the costs
of recovering from an electronic break-in can be very high, particularly
on systems with many users or valuable data, or where the system has been
used to attack other systems.
Good security means:
- Running only software which you are sure is secure. If you aren't
certain what it is and how it works then don't install it!
- Regularly checking that security holes haven't been discovered in your
OS or software packages - vendors often maintain security announcement
web pages for this purpose.
- Taking basic precautions to ensure that your system isn't an open
door to unwanted visitors:
  - Check your password files. For example, many older SGI workstations
  shipped with utterly insecure configurations, such as having default
  user accounts which had no passwords.
  - Many systems also have dozens of unwanted services installed by
  default (usually in /etc/inetd.conf or /etc/rc?.d/ on Unix-like systems)
  and unless these are disabled or properly maintained they present a
  weakness in the systems' security.
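The two checks in the list above (accounts with no password, and services left enabled in /etc/inetd.conf), as an added example that is not part of the original page. The function names and the sample files are constructed for illustration; on a real system, point the functions at /etc/passwd, /etc/shadow and /etc/inetd.conf.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed.

# Print accounts whose password field (2nd colon-separated field) is empty.
# In /etc/passwd an "x" there means the hash is kept in /etc/shadow, so run
# this against the shadow file as well where one exists.
empty_password_accounts() {
    awk -F: '$1 !~ /^#/ && NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Print "service program" for every inetd.conf entry that is not commented
# out. Field 1 is the service name, field 6 the server program.
enabled_inetd_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1, $6 }' "$1"
}

# Constructed sample files, written to a temporary directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
guest::998:998:Guest Account:/home/guest:/bin/csh
demo::993:997:Demonstration User:/home/demo:/bin/csh
www:*:60:60:Web server:/var/www:/bin/false
EOF

cat > "$demo_dir/inetd.conf" <<'EOF'
# service socket proto wait user program args
ftp     stream tcp nowait root /usr/sbin/ftpd    ftpd -l
telnet  stream tcp nowait root /usr/sbin/telnetd telnetd
#finger stream tcp nowait nobody /usr/sbin/fingerd fingerd
echo    stream tcp nowait root internal
EOF

echo "Accounts with no password:"
empty_password_accounts "$demo_dir/passwd"
echo "Services inetd will start:"
enabled_inetd_services "$demo_dir/inetd.conf"
```

Any account the first function reports should be given a password or locked, and any service the second reports that you do not need should be commented out of inetd.conf.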
Some useful security links:
Webmaster@lboro.ac.uk, July 2008.
Copyright © Loughborough University. All rights reserved.