Web Publishing: Customizing your web account

	Division of Information Technology Web Publishing @ SFSU Customizing your web account
Customizing Options	The World Wide web servers at SFSU allow users to: Add new MIME type definitions to describe how linked document files (ShockWave, Word) should be processed. Note: Some MIME types are predefined on SFSU servers www.sfsu.edu, userwww.sfsu.edu and online.sfsu.edu Restrict access to their WWW documents based on Internet address of the client. Redirect visitors if errors such as "Not found" occur.
Overview	Adding MIME types, access restrictions, and error redirections of each user's files are controlled by a file named ".nsconfig", located in user's web directory. The ".nsconfig" file consists of sets of directives that control the server, surrounded by "Files" tags: `<Files PATTERN1> ... directives ... </Files> <Files PATTERN2> ... directives ... </Files>` PATTERN1 and PATTERN2 are wildcard patterns which tell the server which files or directories to apply the directives to. Any specified pattern affects only the files placed in a users web directory. There may be as many "Files" sets in the ".nsconfig" file as you need, and each set can contain more than one directive. For example, to apply directives to a user's subdirectory `private,` located in 'web space', the "Files" tags would look something like this: `<Files private/> ... directives ... </Files>` In the pattern above, "private/" indicates the directory to be protected, and "" indicates that the directives apply to all files and subdirectories of that directory.
Adding MIME Types	".nsconfig" files allow users to specify what MIME type should be reported for specific files in their html directory. This type will then be used by the client when deciding how to process the document. The directive to use for these purposes is "addtype", which like any other directive in .nsconfig, should appear inside the <Files PATTERN> ... </Files> tags. The syntax is as follows: addtype exp=SHEXP type=mime-type Where "SHEXP"is a wildcard pattern that tells the server which files to associate the "mime-type" with. Examples To add support for MacroMedia ShockWave extensions, the following can be added to the .nsconfig file: `<Files > addtype exp=.dcr type=application/x-director addtype exp=.dir type=application/x-director addtype exp=.dxr type=application/x-director </Files>` This will tell the server to report all files with the extensions "dcr", "dir", and "dxr" to be of type "application/x-director". To add support for Microsoft Word files, the following can be added to the .nsconfig file: `<Files > addtype exp=.doc type=application/msword </Files>` To add support for MIDI files, the following can be added to the .nsconfig file: <Files > addtype exp=.mid type=audio/midi </Files>
Internet Address Authorization	This method allows you to restrict connections to certain Internet hosts. Be aware that hostnames are not that hard to spoof - you should not consider this facility to be very secure. The appropriate directive to be surrounded by the "Files" tags is RestrictAccess, and can be used as follows: `<Files PATTERN> RestrictAccess type=action ip=ip_pattern dns= host_pattern return-code=code </File>`
	"action" should be either "allow" or "deny", and specifies whether you want to allow or deny access to the pages. "ip_pattern" is the wildcard pattern specifying IP addresses that should be allowed or denied access (for example, "130.212."). This switch can be used together with the dns* switch, or by itself. "host_pattern" is the wildcard pattern specifying hostnames that should be allowed or denied access (for example, ".somehost.com"). This switch can be used together with the ip switch, or by itself. "code" should be either "403" or "404", and tells the server which error code to return when access is denied. "403" is the standard "Authorization denied" error, and will be used by default if the return-code* switch is not included in the directive. The "404" error is "Not found", and allows you to keep the visitor from even being able to find out if a specific file exists.
Changing a Delivered Error Message	The Netscape servers we are using at SFSU allows users to specify URLs to be displayed in place of default messages when errors (such as "Not found") occur. This is achieved by placing an ErrorFile directive in the user's ".nsconfig" file, which is described in greater detail below. As all other directives in the ".nsconfig" file, ErrorFile needs to be surrounded by "Files" tags in the following manner: <Files PATTERN> ErrorFile code=error_code path=html_file </Files> "PATTERN" is a wildcard pattern which tells the server which files or directories to apply the directive to. Any specified pattern is automatically prefixed with `~accountname/`. "error_code" is the standard HTTP code that specifies the error we want to catch. The following are acceptable error codes and their reasons: 401 Unauthorized 403 Forbidden 404 Not found 500 Server error "html_file" should be a valid URL to the local server but without the `http://servername.sfsu.edu` prefix (such as "/~username/myfile.html"). This URL will be displayed if the error occurs. Example If I wanted to display URL `http://servername.sfsu.edu/~username/lost.htm` whenever a non-existent file in directory `~username/` gets accessed, I would put the following into the `~username/.nsconfig` file: <Files > ErrorFile code=404 path=/~username/lost.htm </Files> The order in which multiple RestrictAccess* directives appear is important - the server will use the value from the last directive for the final result. The default for hosts not specified by a pattern is denial. For example, if you had the following directives in the ".nsconfig" file: <Files PATTERN> RestrictAccess type=allow dns=* RestrictAccess type=deny dns=.somehost.com </Files> The server would allow anyone except people from "somehost.com" to access your pages. On the other hand, if you used: <Files PATTERN> RestrictAccess type=deny dns=.somehost.com RestrictAccess type=allow dns=* </Files> Since the allow directive is last, it would still allow anyone from "somehost.com" to access your pages! Also note that without the "dns=" entry, everyone would be denied (not just "somehost.com".) Several of the SFSU subscriptions to online services require under the subscription agreement to restrict access to SFSU authorized persons.* The following example restricts access to the directory sfsuonly to just the sfsu.edu domain (including persons using alternate on-campus internet entry points that may have no SFSU affiliation, e.g. thecity.sfsu.edu): <Files sfsuonly/> RestrictAccess type=deny dns= RestrictAccess type=allow dns=.sfsu.edu RestrictAccess type=allow ip=130.212. RestrictAccess type=deny ip=130.212.2.102 RestrictAccess type=deny dns=thecity.sfsu.edu </Files>
For More Information	MIME (Multipurpose Internet Mail Extensions)

Home Search Need Help?

1600 Holloway Avenue, San Francisco, CA 94132 (415) 338-1111
Last modified February 26, 2008 by the Web Team