Networks and Network Security (CS 560)
Project #4 (100 points)
Part 1: Create a simple web server (80 points)
Create a simple Hyper Text Transport Protocol (HTTP) server named shttpd. The
server will run on stu at a port of your choice. To test your
server I recommend using the Netscape web browser. If your
server is listening on port 2130 on stu you should be able to
contact your server by entering the following URL in a web browser:
http://stu.cs.jmu.edu:2130/file
Your server is only required to support the GET method.
Content Types
Your server will need to deliver different types of files. You'll need
to do some reading and experimenting to understand how that works. Your
program should be able to deliver at least the following types of
files: image/gif, image/jpg, text/html, text/plain.
Security
Your server should also provide a small amount of security. At the
very least it should ensure that it only serves files that meet all
of the following criteria:
- The file is owned by you (Note: remember that I, not you, will be running
your web server, so do not check that the requested file is
owned by whoever is running the web server. Check that it is owned by your
userid - see the stat system call under "man fstat").
- The file resides in the public_html subdirectory (or a subdirectory
in public_html) in your home directory on stu. Your
public_html directory (and any subdirectories within it) should be world
executable (i.e. you need to "chmod 755 public_html").
- The file is world readable (i.e. you should "chmod 644 x", where
x is the name of your html, jpg, and gif files).
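The three criteria above can be checked in one routine, shown here as an added example in C (not part of the assignment or its TCPechod starter code). The function name open_if_servable is hypothetical, and the expected owner is passed in as a uid. It canonicalizes the path before testing containment, so ".." and symbolic links cannot lead outside public_html, and it runs fstat on the open descriptor so the checks apply to the file that is actually read.

```c
#define _XOPEN_SOURCE 700   /* for realpath() and O_NOFOLLOW */
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns an open read-only fd if url_path may be served, else -1.
 * docroot: the public_html directory; owner: uid that must own the file. */
int open_if_servable(const char *docroot, uid_t owner, const char *url_path)
{
    char joined[PATH_MAX], root[PATH_MAX], real[PATH_MAX];
    struct stat st;

    if (snprintf(joined, sizeof joined, "%s/%s", docroot, url_path)
            >= (int)sizeof joined)
        return -1;                            /* path too long */
    /* Canonicalize both paths so "..", "//" and symlinks are resolved
     * before the containment test. */
    if (!realpath(docroot, root) || !realpath(joined, real))
        return -1;                            /* missing file or directory */
    size_t n = strlen(root);
    if (strncmp(real, root, n) != 0 || real[n] != '/')
        return -1;                            /* not strictly inside docroot */

    /* Open first, then fstat the descriptor: the checks apply to the
     * object that will be read, not to a name that can change. */
    int fd = open(real, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)  /* no dirs or devices */
        || st.st_uid != owner                        /* owned by expected uid */
        || !(st.st_mode & S_IROTH)) {                /* world readable */
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 3) return 2;   /* usage: prog <public_html dir> <url path> */
    /* Assumption for this demo: the expected owner is the current user. */
    int fd = open_if_servable(argv[1], geteuid(), argv[2]);
    puts(fd >= 0 ? "serve" : "refuse");
    return fd >= 0 ? 0 : 1;
}
```
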
Part 2: Handle CGI scripts (optional, up to 10 points extra credit)
This part of the assignment is optional and can earn you up to
ten points of extra credit if completed. Make your server capable
of handling CGI scripts with arguments. Again, your server should enforce a
small bit of security by making sure that it only executes scripts that
meet the following minimum criteria:
- The script is owned by you
- The script resides in a cgi-bin subdirectory within public_html
- The script is world executable
Part 3: Document your server (20 points)
- All of the documentation for your project must be available on the World
Wide Web and accessible by your server. You must explain your security
mechanisms, what kind of operations you support, etc.
- Leave a copy of your shttpd program in your home directory on stu. It should
be world-executable so that I can run it (i.e. you need to "chmod 755 shttpd").
When started with no arguments it must print out the URL that I should type
to access your documentation.
For example:
stu% ./shttpd 2130
Server starting, enter URL http://stu.cs.jmu.edu:2130/demo.html in your web browser to see my demo
Your demo should show all of the things that your server can
do. You could have a link that says "Click here to view the file foo.html
(of type text/html)" and another that says "Click here to view the file
elvis.jpg (of type image/jpg)". Your demo should also explain your security
mechanisms and show some examples of pages that your program won't serve
because they don't meet the security criteria. For example, "Click here
to try to view the file restricted.html (it won't work because restricted.html
is not world readable)". If you completed part 2, your demo should also run some sample CGI scripts
that take arguments and illustrate your security mechanisms for CGI scripts.
For example, "Enter text in the two text boxes below and click on 'Submit'.
This will run the CGI script test1.sh which prints out the text."
Your demo pages and scripts don't have to be designed as described above,
but they should clearly demonstrate all of your server's features and capabilities.
Hints:
- Only ports 5001-5100 on stu are available from off campus. Run your shttpd or the TCPechod on one of those ports if you want to communicate with it from off campus.
- I'm purposely leaving a lot of the "research" about web servers
and how they work up to you. You'll need to do some reading and
experimenting. There are lots of sample web servers out there and many that
include source code. Please do not look at or use anybody else's
source code for a web server as that defeats the purpose of the assignment. I recommend that you start by skimming this document and search for other information as
you need it.
- Here is an example that you can use to
experiment with the types of requests a web server gets and the types
of replies it sends.
- The file proj4.tar.uu contains some code
that you might find useful for this assignment. You can find a copy in my home
directory on stu. The code implements a TCP echo daemon, TCPechod, which creates a stream
socket and listens for requests. When a request arrives the daemon
forks off a child to handle the request and listens for new
requests. The child will echo the request back to the sender, close
the socket, and exit. You are welcome to use this code as a starting
point for your shttpd program. If you do, you will need to make the
child do some checking and serve the web page back to the client instead of
just echoing back the request.
What is due:
- Leave a world executable copy of your shttpd program in your
home directory on stu. Submit an electronic copy of a README file that tells me
how to run your program. For example, "Log into stu. Cd to ~tjadenbc. Type ./shttpd 2130". When your server starts it should print
out "Server starting, enter URL http://stu.cs.jmu.edu:2130/demo.html in your
web browser to see my demo". All your demo pages should be on the Web
so that I can access them with my web browser once I've started your
shttpd program.
- An electronic copy of your program:
- Create a directory named proj4 and put all of your program's source
files in it.
- Cd to the directory above proj4 and create a tarfile of the
directory with the command "tar -cvf youruserid.proj4.tar proj4"
where youruserid is your username on stu. For example, if I were
submitting a program it would be named "tjadenbc.proj4.tar". (See
"man tar" for help with the tar command).
- Uuencode your tarfile with the command "uuencode youruserid.proj4.tar
proj4.tar > youruserid.proj4.tar.uu" (See "man uuencode"
for help with the uuencode command).
- Check the file youruserid.proj4.tar.uu to see that you can uudecode and
untar it to get back your original files.
- Submit the file youruserid.proj4.tar.uu by midnight
on Sunday, December 6th.
- Here is a copy of the grading sheet
I will use to grade your project.
Good luck!