Computer Laboratory web servers and web sites
The Computer Laboratory operates a number of web sites, along with other services which use the HTTP protocol. The main server used to host most of the sites, but as of 2007, the sites are moving to use separat servers, so that individual sites can be updated or left ASIS as appropriate.
The main catagories of machines are
- Lab Managed machines which provide external services
- Group managed machines which are used as back ends for host proxied of a Lab Managed server
- Internal services
- other services using HTTP
The security model for each is termined by their exposure, and the resources they require. For example, if a machine has no access to the Lab fileservers, the security concerns are greatly reduced.
Lab Managed machines (e.g. haverhill)
The Computer Laboratory's main web server haverhill (being replaced in 2007) is characterised by:
- software: Apache 2.2 with HTTPS (under Linux)
- disk space: full access to all of the departmental file server (elmer)
- Page types: nearly all pages are static files. A few CO managed CGI scripts are used.
- hosts the lab's main site http://www.cl.cam.ac.uk/
- hosts the personal web pages of Lab members
- acts as a virtual host for a number of other sites
- tunnels HTTP traffic to several internal servers that are not directly reachable from outside the Lab
This main webserver is managed by Martyn Johnson and Piete Brooks. Their email address in this regard is webmaster.
Shell login to the web server is restricted to system administrators, but the directories with the files served are accessible from all Lab administered Linux and Windows machines.
Conversely, the "dynamic" server is characterised by:
- software: Apache 2.2 with HTTPS and LAMP (under Linux)
- disk space: very restricted access to a very small part of the departmental file server (elmer)
- page types: the emphasis is on dynamic pages (e.g. CGI and PHP), managed by users.
- hosts the lab's "dynamic" site http://www-dyn.cl.cam.ac.uk/
- does not provide any other services
Main web site
The Computer Laboratory News blog (headlines on the front page) is edited by Jan Samols and Caroline Stewart.
Many parts of the main web site are looked after by other maintainers. Where this is the case, the relevant contact details of the person(s) in charge are given at the bottom of the page.
Back end servers
Some websites (e.g. http://www.cl.cam.ac.uk/research/dtg/ are fronted by the main server, with requests being forwarded to a back end server. This ensures central logging and control, and allows extra network access controls to the machine.
Internal servers are not visible from outside the department, so the security concerns are much reduced. They can be user managed, with full access to Lab resources.
Other services using HTTP (e.g. CUPS, nagios, mrtg, webcams, BMCs, Netapps)
A very wide range of applications, and a growing number of embedded systems now include web management or access. These are normally blocked from access from outside the department.