Valid as of 2000/05/31

The most recent copy can be found here: http://iis.intellis.net/readme.html

This document is intended to explain the default configuration of your HTTP server, and lead you through accessing and updating your WWW site.

Click on a section below to jump directly to it:

Intended audience
Additional help and support
Under the hood...
The configuration of your server
Usage reporting
Server specifics
Frequently asked questions

This document is intended to give technical staff members a better understanding of the configuration of your HTTP server. It also contains information that will be useful to those staff members who will be updating the contents of your WWW site.

If after reading this document you still have questions, or you would like changes made to the configuration of your server please contact us at:

Your HTTP server is the engine that drives your WWW site on the Internet. Let's take a quick look at how it has been configured, and some of its features.

The StrongHold Web Server (Apache) has been chosen as our standard for HTTP server software. Your server has received the standard configuration, designed to support the common needs of our clients without sacrificing security.

This configuration includes the following:

• The clickable imagemaps facility is activated.

• Your server is configured to look for the following files by default:

• Directory Indexing has been deactivated.
  This is important to note, as this is not a default configuration for most servers. We consider this to be one more way to make your site more secure. That is, if a user does not specify a file and one of the default index files (listed above) are not present, they will be given an error message indicating that access to that directory is forbidden. Had directory indexing been enabled, the user would have been provided with a list of the underlying files and directories that exist on your server.

• Read and execute, but not write access to the Global CGI directory has been enabled.
  There is a collection of general purpose CGI scripts available for use and can be accessed using the directory cgi-bin.  We offer a web-to-email gateway (FormMail), and a counter applications (Count). More information on these added services is available from the intellis helpdesk upon request.

• Local CGI access has been disabled.
  If you wish to run custom CGI programs, please contact the intellis helpdesk as a personal CGI directory must be created and the scripts reviewed before being activated. Once the program has been reviewed and accepted, it will be installed into your CGI directory (local-cgi) for your use.
  
  Note: There is an additional fee for the installation & evaluation of custom CGI scripts.

• Important Notes about CGI Scripts & Programs
  --Our WWW complex runs under Sun Solaris, a version of the UNIX operating system. As a result, CGI programs written to run under any other operating system will not work on your server. We assume that any programs you submit for our evaluation have been fully tested and are working prior to being sent to our testers.
  
  --Perl is available as your default CGI scripting language.  CGI programs can also be developed with C or C++, but these programs must be compiled to work in a Solaris 2.6 environment. The code must also be made so that it can be checked for security considerations.
  
  --All CGI scripts and programs must not exceed 200 lines or they will fall under a different category and special pricing and evaluations will be necessary.
  
  --All CGI scripts and programs installed in our server environment must conform to W3C security standards that can be found here:
  
  http://www.w3.org/Security/faq/www-security-faq.html

• Since we are operating in a UNIX environment your server is case sensitive.
  This means that files called "INDEX.HTML" and "index.html" are different. Operating systems such as Microsoft Windows95 are not case sensitive and though the two filenames look different, they are considered the same as far as the computer is concerned.

• The non-executable functions of Server Side Includes (SSI) have been activated.

• Microsoft FrontPage Server Extensions are not available with our intellis plans.

• Server-side Java and server-side javascript support is not available with our hosting service. For this reason, and others, it is imperative that you contact the intellis helpdesk before beginning to design any customer applications for use with your web site.

As part of your Presence subscription, you have the ability to view reports concerning how often customers are visiting your web site. Each time someone accesses your Presence site, the web server records who visited your site, when they visited the site, and what they viewed. This information is available through a monthly email.

The last 90 days of usage history is maintained for your use.

The entry-level reporting option included with your subscription contains the following information:

1. Total number of unique visitors
2. Total number of visits, including multiple visits by unique visitors
3. Total number of page hits - offers the option of viewing the results by URL or by the files title
4. Total number of hits
5. Day -by-day breakdown of visits, page hits, and total hits
6. Average number of pages hit by each visitor
7. Average number of visitors accessing your site each day
8. Average number of page hits per day
9. Average number of total hits per day
10. A list and hit count of files excluded from the report (see filters)
11. A list of error codes listed by name and frequency

Additional reporting options are available on a fee for service basis. The basic options available include:

1. Average number of total hits per hour
2. Average percentage of total hits per hour
3. The most frequent "x" visitor who have accessed "your site" with at least "y" hits
4. The most frequent "x" files that were accessed at least "y" times on "your site"
5. Reports outlining any problem areas or fields within your site that generate http errors

Hardware:               Sun Enterprise Ultra2
Operating system:    Solaris 2.6
Web server:             StrongHold Web Server 2.4.2
Perl version:             5
RealServer version:  7

Q. The specs for the server indicate that "the non-executable functions of Server Side Includes (SSI) have been activated.". Can executable functions also be enabled for this site?
A. No. Read this for more information: http://www.w3.org/Security/faq/wwwsf2.html#Q10.

Q. What is the default umask for permission settings of new files on the server?
A. The default umask is 027, which translates to permissions of 750.

Q. Can an NSAPI plug-in be added to the web server?
A. No.

Q. Are cron jobs available on the server?
A. Yes. They are added to the web server at the customers request by the system administrator.

Q. Would a standalone Java CGI application be possible?
A. The most popular usage of JavaScript is client side which means it is executed by the clients web browser - not the server. As a result, the customer can use as much client side JavaScript as they please, no matter what type of account they have hosted with us - as long as they have space.

Q. What access would we be permitted to the production web server in developing this site? Telnet, FTP, Web, etc?
A. Web and FTP are the only permittable access methods.

Q. Does NBTel have a preferred development server?
A. We would prefer that development be done on a server that closely resembles ours to avoid any portability problems but we understand that not all developers would have access to a Sun SPARC machine with the Sun Solaris OS that is running the StrongHold WebServer 2.4.2

Q. What limits are there on diskspace?
A. You can purchase as much space as you require.

Q. To ensure secure transactions on the site, would it be possible to run the site with an encryption level of 40-bit SSL?
A. Yes. We also support 128-bit encryption for secure transactions however be aware that end users may have to upgrade their browsers to use the encryption